BIT-NGINX-2025-1695 NGINX Unit Java Vulnerability

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

CVE-2025-1695

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

Linux Distros Unpatched Vulnerability : CVE-2024-7347

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module, which might allow an attacker to over-read NGINX worker memory resulting in its...

Linux Distros Unpatched Vulnerability : CVE-2022-41742

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R...

Linux Distros Unpatched Vulnerability : CVE-2021-42717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web serve...

Linux Distros Unpatched Vulnerability : CVE-2022-41741

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R...

CVE-2025-1695

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

CVE-2025-1695

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

CVE-2025-1695

NGINX Unit 1.34.2+ with the Java Language Module is affected by CVE-2025-1695. In versions prior to 1.34.2, undisclosed requests can trigger an infinite loop, increasing CPU utilization and causing a limited denial-of-service on the data plane. The issue is a data-plane degradation with no contro...

CVE-2025-1695 NGINX Unit Java Vulnerability

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

CVE-2025-1695 NGINX Unit Java Vulnerability

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

Linux Distros Unpatched Vulnerability : CVE-2016-1247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubun...

Linux Distros Unpatched Vulnerability : CVE-2021-23017

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory...

F5 NGINX Unit 安全漏洞

F5 NGINX Unit is a multilingual dynamic application server from F5 Corporation. The product supports a RESTful JSON API to run applications built using multiple languages and frameworks. A security vulnerability exists in F5 NGINX Unit prior to version 1.34.2, which stems from an infinite loop th...

Linux Distros Unpatched Vulnerability : CVE-2019-20372

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX before 1.17.7, with certain errorpage configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized we...

K000149959: NGINX Unit vulnerability CVE-2025-1695

Security Advisory Description When NGINX Unit with the Java Language Module is in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. CVE-2025-1695 Impact System performance can degrade due to high CPU utilization. This vulnerability allows a...

Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2025-842)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-842 advisory. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This...

GHSA-M46H-9PV9-W5XP vulnerabilities

Vulnerabilities for packages: nginx-mainline...

GHSA-38GR-CJJP-3F5W vulnerabilities

Vulnerabilities for packages: nginx-mainline...

GHSA-3WHM-J4XM-RV8X vulnerabilities

Vulnerabilities for packages: jitsucom-bulker, k3s, kargo, opentelemetry-operator, gostatsd, mockery, prometheus-alertmanager, k8ssandra-operator, crossplane-provider-aws-firehose, stakater-reloader, harbor-registry, seaweedfs, opensearch-k8s-operator, nri-mongodb, aws-flb-kinesis, minio-operator...