78 matches found

CNNVD
added 2025/06/03 12:0 a.m. · 3 views

Apache Pekko Management Security Vulnerability

Apache Pekko Management is a set of tools from the Apache Foundation USA for operating Pekko clusters. A security vulnerability exists in Apache Pekko Management versions prior to 1.0.0 that stems from the possibility that basic authentication in the Java DSL may not be applied correctly...

CVSS 6.5 · AI score 7.6 · EPSS 0.01732
Exploits 1 · References 5

OSV
added 2025/03/06 9:18 a.m. · 16 views

BIT-NGINX-2025-1695 NGINX Unit Java Vulnerability

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

CVSS 6.9 · AI score 5.1 · EPSS 0.00275
Exploits 0 · References 2

RedhatCVE
added 2025/03/06 1:20 a.m. · 12 views

CVE-2025-1695

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

CVSS 6.9 · AI score 7.1 · EPSS 0.00275
Exploits 0 · References 3

NVD
added 2025/03/04 1:15 a.m. · 9 views

CVE-2025-1695

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

CVSS 6.9 · EPSS 0.00275
Exploits 0 · References 1

CVE
added 2025/03/04 12:54 a.m. · 155 views

CVE-2025-1695

NGINX Unit 1.34.2+ with the Java Language Module is affected by CVE-2025-1695. In versions prior to 1.34.2, undisclosed requests can trigger an infinite loop, increasing CPU utilization and causing a limited denial-of-service on the data plane. The issue is a data-plane degradation with no contro...

CVSS 6.9 · AI score 6.9 · EPSS 0.00275
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/03/04 12:54 a.m. · 10 views

CVE-2025-1695 NGINX Unit Java Vulnerability

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service DoS. There...

CVSS 6.9 · AI score 5.2 · EPSS 0.00275
Exploits 0 · References 1

Tenable Nessus
added 2025/03/04 12:0 a.m. · 6 views

FreeBSD : unit -- potential security issue (6af5e3a3-f85a-11ef-95b9-589cfc10a551)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6af5e3a3-f85a-11ef-95b9-589cfc10a551 advisory. SO-AND-SO reports: Unit 1.34.2 fixes two issues in the Java language module websocket code. Tenable has...

CVSS 6.9 · AI score 5.5 · EPSS 0.00275
Exploits 0 · References 3

F5 Networks
added 2025/03/03 3:1 p.m. · 23 views

K000149959: NGINX Unit vulnerability CVE-2025-1695

Security Advisory Description When NGINX Unit with the Java Language Module is in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. CVE-2025-1695 Impact System performance can degrade due to high CPU utilization. This vulnerability allows a...

CVSS 6.9 · AI score 6.6 · EPSS 0.00275
Exploits 0 · Affected Software 35

FreeBSD
added 2025/03/03 12:0 a.m. · 12 views

unit -- potential security issue

The NGINX Unit team reports: Unit 1.34.2 fixes two issues in the Java language module websocket code. It addresses a potential security issue where we could get a negative payload length that could cause the Java language module processes to enter an infinite loop and consume excess CPU. This was...

CVSS 6.9 · AI score 5.6 · EPSS 0.00275
Exploits 0 · References 1

RedhatCVE
added 2025/02/04 11:37 p.m. · 6 views

CVE-2024-40642

The netty incubator codec.bhttp is a java language binary http parser. In affected versions the BinaryHttpParser class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issue...

CVSS 8.1 · AI score 7.2 · EPSS 0.00703
Exploits 1

Positive Technologies
added 2025/01/07 12:0 a.m. · 2 views

PT-2025-11572 · Git +1 · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: The software experiences a security exception during the parsing of Java expressions within the JavaLanguageParser.expr component. This issue involves operations related to writing data...

AI score 7
Exploits 0 · References 2

OSV
added 2024/10/11 12:2 a.m. · 2 views

OSV-2024-1199 Security exception in java.base/java.lang.Short.valueOf

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=372547195 Crash type: Security exception Crash state: java.base/java.lang.Short.valueOf org.apache.poi.ddf.EscherRecordTypes.forTypeID org.apache.poi.ddf.DefaultEscherRecordFactory.getConstructor...

AI score 7.1
Exploits 0 · References 1

Positive Technologies
added 2024/09/24 12:0 a.m. · 2 views

PT-2024-40580 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, leading to a crash. The issue is related to the com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr...

AI score 6.9
Exploits 0 · References 2

Positive Technologies
added 2024/08/13 12:0 a.m. · 3 views

PT-2024-40838 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a security exception, with details provided in an OSS-Fuzz report. The crash state involves methods such as...

AI score 7
Exploits 0 · References 2

Positive Technologies
added 2024/07/31 12:0 a.m. · 1 views

PT-2024-40829 · Unknown · Checkstyle

Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: A security exception occurs in the JavaLanguageParser.expr function, potentially related to encoding issues in the UTF 8.updatePositions and UTF 8$Encoder.encodeArrayLoop functions...

AI score 7
Exploits 0 · References 2

Positive Technologies
added 2024/07/14 12:0 a.m. · 1 views

PT-2024-40813 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash has been reported, involving the com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr and related Java...

AI score 7.2
Exploits 0 · References 2

CNNVD
added 2024/07/12 12:0 a.m. · 1 views

PublicCMS Code Issues Vulnerabilities

PublicCMS is an open source content management system CMS written in Java by PublicCMS China. A code issue vulnerability exists in PublicCMS version v4.0.202302.e. The vulnerability stems from the presence of an arbitrary file upload vulnerability, which allows an attacker to execute arbitrary co...

CVSS 8.8 · AI score 7.7 · EPSS 0.00307
Exploits 1 · References 2

CNNVD
added 2024/06/11 12:0 a.m. · 2 views

Microsoft Authentication Library Competitive Conditions Issue Vulnerability

Microsoft Authentication Library MSAL is an authentication library from Microsoft Corporation. A competitive condition vulnerability exists in Microsoft Authentication Library. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected:...

CVSS 5.5 · AI score 6.9 · EPSS 0.00221
Exploits 0 · References 5

Positive Technologies
added 2024/05/15 12:0 a.m. · 2 views

PT-2024-40777 · Oracle · Java

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, involving the com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr and...

AI score 7.1
Exploits 0 · References 2

CNNVD
added 2024/05/14 12:0 a.m. · 1 views

OFCMS Security Vulnerability

Zhongtian Network Technology OFCMS is a content management system CMS developed in Java language by China Zhongtian Network Technology Company. A security vulnerability exists in OFCMS version V1.1.2, which originates from an easy SQL injection attack via a new table function...

CVSS 9.8 · AI score 7.9 · EPSS 0.0016
Exploits 1 · References 3