Security Bulletin: Multiple Vulnerabilities in IBM Bob

Summary Multiple vulnerabilities were addressed in IBM Bob V 1.0.3 Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype...

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-40175)

Summary IBM Security SOAR uses an older version of the Axios component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.0 Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios i...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of netty-handler-proxy

Summary Due to use of netty-handler-proxy, DevOps Test Performance and Rational Performance Tester contain a potential header injection vulnerability. Vulnerability Details CVEID:CVE-2026-42578 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Fina...

PT-2026-39727

Name of the Vulnerable Software and Affected Versions cowlib versions 2.9.0 and later Description Improper Neutralization of CRLF Sequences CRLF Injection occurs when the cow cookie:cookie/1 function builds a client-side Cookie request header from name-value pairs without validating the fields. A...

CVE-2026-43870

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

MiracleLinux 4 : firefox-3.6.24-3.0.1.AXS4, xulrunner-1.9.2.24-2.1.0.1.AXS4 (AXSA:2012-81:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-81:01 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security issues fixed with this release...

EUVD-2025-27982

Malicious code in bioql PyPI...

Important: ruby

Issue Overview: jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the...

SUSE CVE-2011-3000

Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not properly handle HTTP responses that contain multiple Location, Content-Length, or Content-Disposition headers, which makes it easier for remote attackers to conduct HTTP response splitting...

ruby: HTTP response splitting in WEBrick

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header an attacker can exploit it to insert a newline character to split a header and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742 which addressed the CRLF vector but did not address an isolated CR or an isolated LF.

...

Pivotal Software management plugin CRLF injection vulnerability

Pivotal Software RabbitMQ is a British company Pivotal Software's set of implementation of the Advanced Message Queuing Protocol AMQP open source message broker software. RabbitMQ management is one of the management plug-in . A CRLF injection vulnerability exists in the management plugin for...

Adobe Flash Player: Multiple vulnerabilities

Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Multiple vulnerabilities have been discovered in Adobe Flash Player: The access scope of SystemsetClipboard...

Debian DSA-1652-1 : ruby1.9 - several vulnerabilities

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3655 Keita Yamaguchi discovered that several safe...

Debian DSA-1651-1 : ruby1.8 - several vulnerabilities

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3655 Keita Yamaguchi discovered that several safe...