18 matches found

RedHat Linux
added 2026/05/20 8:47 p.m., 6 views

Apache Neethi: Apache Neethi: Information disclosure and network access bypass via PolicyReference API

A flaw was found in Apache Neethi. When an application explicitly calls the PolicyReference API to retrieve a policy from a remote Uniform Resource Identifier (URI), Apache Neethi does not impose restrictions on the URI. This allows a remote attacker to cause the application to make outbound reques...

CVSS 7.2, AI score 5.9, EPSS 0.00045
Exploits: 0, References: 5

Veracode
added 2026/05/07 8:45 a.m., 7 views

Server-Side Request Forgery (SSRF)

Apache Neethi is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to lack of validation of URIs in the PolicyReference API, allowing applications to fetch policies from arbitrary protocols or internal addresses, enabling attackers to trigger outbound requests to internal o...

CVSS 7.2, AI score 5.9, EPSS 0.00045
Exploits: 0, References: 3, Affected Software: 1

Github Security Blog
added 2026/05/01 12:30 p.m., 5 views

Apache Neethi doesn't impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

CVSS 7.2, AI score 5.9, EPSS 0.00045
Exploits: 0, References: 4, Affected Software: 1

Snyk
added 2026/05/01 11:24 a.m., 0 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the PolicyReference API when fetching remote policy references. An attacker can access internal resources or arbitrary protocols by supplying a crafted URI. Remediation: Upgrade org.apache.neethi:neet...

CVSS 7.2, AI score 6, EPSS 0.00045
Exploits: 0, References: 2

NVD
added 2026/05/01 11:16 a.m., 0 views

CVE-2026-42404

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

CVSS 7.2, EPSS 0.00045
Exploits: 0, References: 2

Vulnrichment
added 2026/05/01 9:46 a.m., 1 views

CVE-2026-42404 Apache Neethi: Unrestricted HTTP Redirect Following in Policy References

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

CVSS 6.5, AI score 5.9, EPSS 0.00045
Exploits: 0, References: 1

Cvelist
added 2026/05/01 9:46 a.m., 25 views

CVE-2026-42404 Apache Neethi: Unrestricted HTTP Redirect Following in Policy References

Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...

CVSS 6.5, EPSS 0.00045
Exploits: 0, References: 1

Cvelist
added 2026/05/01 8:38 a.m., 23 views

CVE-2026-42403 Apache Neethi: Circular Policy Reference Infinite Loop

Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references where Policy A references Policy B which references Policy A, the policy normalization process can enter an infinite loop or cause excessive recursion,...

CVSS 7.5, EPSS 0.00038
Exploits: 0, References: 1

Positive Technologies
added 2026/05/01 12:0 a.m., 0 views

PT-2026-36313

Name of the Vulnerable Software and Affected Versions: Apache Neethi versions prior to 3.2.2. Description: The PolicyReference API does not impose restrictions on URIs when manually fetching remote policy references. This allows an application that explicitly calls the API to make outbound requests...

CVSS 7.2, AI score 6, EPSS 0.00045
Exploits: 0, References: 5

CNNVD
added 2026/05/01 12:0 a.m., 5 views

Apache Neethi Code Issue Vulnerability

Apache Neethi is a policy processing framework library developed by the Apache Foundation. Apache Neethi has code-related vulnerabilities; these vulnerabilities arise from the lack of restrictions on URIs when manually retrieving remote policy references via the PolicyReference API. This could le...

CVSS 7.2, AI score 5.9, EPSS 0.00045
Exploits: 0, References: 1

Tenable Nessus
added 2026/04/21 12:0 a.m., 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013103)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013103 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in...

AI score 5.6, EPSS 0.00058
Exploits: 0, References: 4

Snyk
added 2026/04/16 9:35 p.m., 3 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the ConfigMap context loader due to missing validation of the namespace value. An attacker can access sensitive data from ConfigMaps in unauthorized namespaces by creating a policy that references another...

CVSS 7.7, AI score 5.7, EPSS 0.00038
Exploits: 1, References: 2

SUSE CVE
added 2025/11/14 12:23 a.m., 5 views

SUSE CVE-2025-40194

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy...

CVSS 4.7, AI score 6.5, EPSS 0.00058
Exploits: 0, References: 20

OSV
added 2025/11/12 10:15 p.m., 1 views

DEBIAN-CVE-2025-40194

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy...

AI score 5.2, EPSS 0.00058
Exploits: 0, References: 1

OSV
added 2025/11/12 10:15 p.m., 0 views

UBUNTU-CVE-2025-40194

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy...

AI score 5.7, EPSS 0.00058
Exploits: 0, References: 40

Cvelist
added 2025/11/12 9:56 p.m., 7 views

CVE-2025-40194 cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy...

EPSS 0.00058
Exploits: 0, References: 8

OSV
added 2025/11/12 9:56 p.m., 5 views

CVE-2025-40194 cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy...

AI score 6.3, EPSS 0.00058
Exploits: 0, References: 11

Microsoft Security Update
added 1976/01/01 12:0 a.m., 2 views

MS:D97E89F5-63BA-4DEF-9AB6-A70CF7770440

...

AI score 7
Exploits: 0