FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-12-08 21:19:55 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6af5e3a3-f85a-11ef-95b9-589cfc10a551	unit -- potential security issue The NGINX Unit team reports: Unit 1.34.2 fixes two issues in the Java language module websocket code. It addresses a potential security issue where we could get a negative payload length that could cause the Java language module process(es) to enter an infinite loop and consume excess CPU. This was a bug carried over from the initial Java websocket code import. It has been re-issued a CVE number (CVE-2025-1695). It addresses an issue whereby decoded payload lengths would be limited to 32 bits. Discovery 2025-03-03 Entry 2025-03-03 unit unit-java >= 1.11.0 lt 1.34.2 CVE-2025-1695 https://mailman.nginx.org/pipermail/unit/2025-March/QVYLJKLBIDWOJ7OLYGT27VUWH7RGBRQM.html
c95836a0-2b3b-11e9-9838-8c164567ca3c	unit -- heap memory buffer overflow unit security problems: CVE-2019-7401: a head memory buffer overflow might have been caused in the router process by a specially crafted request, potentially resulting in a segmentation fault or other unspecified behavior. Discovery 2019-02-07 Entry 2019-02-08 unit >= 0.3.0 lt 1.7.1 http://mailman.nginx.org/pipermail/unit/2019-February/000112.html CVE-2019-7401

VuXML ID

Description

6af5e3a3-f85a-11ef-95b9-589cfc10a551

unit -- potential security issue

The NGINX Unit team reports:

Unit 1.34.2 fixes two issues in the Java language module websocket code.

It addresses a potential security issue where we could get a negative payload length that could cause the Java language module process(es) to enter an infinite loop and consume excess CPU. This was a bug carried over from the initial Java websocket code import. It has been re-issued a CVE number (CVE-2025-1695).

It addresses an issue whereby decoded payload lengths would be limited to 32 bits.

Discovery 2025-03-03
Entry 2025-03-03
unit
unit-java

>= 1.11.0 lt 1.34.2

CVE-2025-1695
https://mailman.nginx.org/pipermail/unit/2025-March/QVYLJKLBIDWOJ7OLYGT27VUWH7RGBRQM.html

c95836a0-2b3b-11e9-9838-8c164567ca3c

unit -- heap memory buffer overflow

unit security problems:

CVE-2019-7401: a head memory buffer overflow might have

been caused in the router process by a specially crafted

request, potentially resulting in a segmentation fault

or other unspecified behavior.

Discovery 2019-02-07
Entry 2019-02-08
unit

>= 0.3.0 lt 1.7.1

http://mailman.nginx.org/pipermail/unit/2019-February/000112.html
CVE-2019-7401