Unity Linux 20.1060e / 20.1070e Security Update: tomcat (UTSA-2026-017427)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017427 advisory. Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate incoming TLS packets. When Tomcat was configured to use NIO+OpenS...

CVE-2026-31467

In the Linux kernel, the following vulnerability has been resolved: erofs: add GFPNOIO in the bio completion if needed The bio completion path in the process context e.g. dm-verity will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies...

CLSA-2026-1774426919 Fix CVE(s): CVE-2025-66614

SECURITY UPDATE: SNI hostname not stored for NIO2 and APR connectors - debian/patches/CVE-2025-66614.patch: store SNI hostname for NIO2 and APR connections so that SNI checks are not bypassed - CVE-2025-66614...

CLSA-2026-1769597819 Fix CVE(s): CVE-2025-58436

SECURITY UPDATE: cupsd DoS via slow client connections - debian/patches/CVE-2025-58436.patch: implement non-blocking I/O and connection timeouts to prevent slow clients from blocking cupsd. - CVE-2025-58436...

OESA-2024-2579 undertow security update

Java web server using non-blocking IO Security Fixes: Description: Product Security received a report that Undertow might incorrectly re-use an HTTP request header value from a previous stream for a request associated with a subsequent stream on the same HTTP/2 connection. The issue is linked to...

SUSE CVE-2011-0534

Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service OutOfMemoryError via a crafted request...

SUSE CVE-2011-0872

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 25 and earlier allows remote attackers to affect availability via unknown vectors related to NIO...

SUSE CVE-2021-30639

A vulnerability in Apache Tomcat allows an attacker to remotely trigger a denial of service. An error introduced as part of a change to improve error handling during non-blocking I/O meant that the error flag associated with the Request object was not reset between requests. This meant that once ...

Node.js trust management issue vulnerability

nodejs is a JavaScript runtime environment based on the ChromeV8 engine that makes it possible to develop high-performance backend applications using Javascript by wrapping the Chromev8 engine and using event-driven and non-blocking IO applications. nodejs is vulnerable to trust management issues...

Nodejs Command Injection Vulnerability

nodejs is a JavaScript runtime environment based on the ChromeV8 engine through the Chromev8 engine for the packaging and the use of event-driven and non-blocking IO applications so that the development of high-performance Javascript background applications has become possible . A command injecti...

tomcat: Infinite loop while reading an unexpected TLS packet when using OpenSSL JSSE engine

A flaw was found in Apache Tomcat. When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet can trigger an infinite loop, resulting in a denial of service. The highest threat from this vulnerability is to system availability...

DEBIAN-CVE-2020-14340

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final...

Fedora: Security Advisory for python-eventlet (FEDORA-2021-d5915c247b)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

tomcat: information disclosure due to incorrect Processor sharing

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body...

Vulnerability in OpenSSL - Multiblock corrupted pointer

Multiblock corrupted pointer. OpenSSL 1.0.2 introduced the “multiblock” performance improvement. This feature only applies on 64 bit x86 architecture platforms that support AES NI instructions. A defect in the implementation of “multiblock” can cause OpenSSL’s internal write buffer to become...

Tomcat - Denial Of Service when using NIO+SSL+sendfile

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service infinite loop by terminating the connection during the reading of a...

Tomcat - Denial Of Service when using NIO+SSL+sendfile

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service infinite loop by terminating the connection during the reading of a...

tomcat: HTTP NIO connector OOM DoS via a request with large headers

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service memory consumption via a large amount of head...

Tomcat - Denial Of Service when using NIO+SSL+sendfile

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service infinite loop by terminating the connection during the reading of a...

tomcat: security manager restrictions bypass

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service infinite lo...