61078 matches found
Apache Neethi Resource Management Error Vulnerability
Apache Neethi is a policy processing framework library developed by the Apache Foundation. There is a resource management vulnerability in Apache Neethi, which stems from the algorithmic complexity involved in policy normalization. This vulnerability may cause specially crafted WS-Policy document...
PT-2026-36315
Name of the Vulnerable Software and Affected Versions: Apache MINA versions 2.1.0 through 2.1.11; Apache MINA versions 2.2.0 through 2.2.6. Description: An insecure deserialization flaw exists in the resolveClass function of AbstractIoBuffer. One of the execution branches, specifically for primitive...
Apache MINA Code Issue Vulnerability
Apache MINA is a web application framework developed by the Apache Foundation in the United States. This product is primarily used for developing high-performance and highly scalable web applications. There were code vulnerabilities in versions of Apache MINA from 2.1.0 to 2.1.11, as well as in...
Apache Neethi Code Issue Vulnerability
Apache Neethi is a policy processing framework library developed by the Apache Foundation. Apache Neethi has code-related vulnerabilities; these vulnerabilities arise from the lack of restrictions on URIs when manually retrieving remote policy references via the PolicyReference API. This could le...
PT-2026-36309
Name of the Vulnerable Software and Affected Versions: Apache Neethi versions prior to 3.2.2. Description: An issue exists in policy normalization where algorithmic complexity allows for a Denial of Service attack. Specially crafted WS-Policy documents can trigger an exponential Cartesian...
CVE-2026-40453
A flaw was found in Apache Camel. A remote attacker with Java Message Service (JMS) producer access could exploit a vulnerability in how certain header filter strategies process case-variant internal headers. This discrepancy, where filtering is case-sensitive but header processing is not, allows f...
Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix
A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue, CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application...
Apache Thrift: Node.js skip() recursion
...
Apache Thrift: Swift Compact Protocol integer overflow
...
Apache Thrift: Java TSSLTransportFactory hostname verification
...
Apache Thrift: Go TFramedTransport uint32 overflow
...
Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error.
...
CVE-2026-41607
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability can lead to the disclosure of sensitive information or a denial of service...
CVE-2026-41604
A flaw was found in Apache Thrift. This out-of-bounds read vulnerability could allow an attacker to access memory outside of allocated bounds. This could lead to information disclosure or potentially a denial of service (DoS) condition...
CVE-2026-41605
A flaw was found in Apache Thrift. This integer overflow or wraparound vulnerability could potentially lead to unexpected behavior or resource exhaustion, which may impact the availability or integrity of the system. The exact consequences depend on how the overflow is triggered and handled withi...
CVE-2026-41603
A flaw was found in Apache Thrift. This vulnerability involves improper validation of server certificates, where the hostname presented in the certificate does not match the expected hostname. A remote attacker could exploit this to impersonate a legitimate server, potentially intercepting or...
CVE-2026-41602
A flaw was found in the Apache Thrift TFramedTransport Go language implementation. This integer overflow or wraparound vulnerability could potentially allow an attacker to cause unexpected behavior or resource exhaustion, leading to a denial of service...
CVE-2026-41606
A flaw was found in Apache Thrift. An uncontrolled recursion vulnerability exists, which could allow a remote attacker to trigger a Denial of Service (DoS) condition. This occurs when the affected component processes specially crafted input, leading to excessive resource consumption and system...
SUSE CVE-2026-41602
Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...
SUSE CVE-2026-41603
Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...