Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to authentication and command execution issues due to the Eclipse Jetty package (CVE-2023-36479, CVE-2023-40167, CVE-2023-41900)
Summary: Eclipse Jetty is used by IBM DataStage on Cloud Pak for Data as part of web server functionality. Vulnerability Details: CVEID: CVE-2023-36479 DESCRIPTION: Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific...
CVE-2023-20026
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input with...
CVE-2023-20025
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP...
CVE-2025-29891 Apache Camel: Camel Message Header Injection through request parameters
Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is...
CVE-2025-29904
In JetBrains Ktor before 3.1.1, HTTP Request Smuggling was possible...
CVE-2025-29904
CVE-2025-29904: JetBrains Ktor before 3.1.1 is vulnerable to HTTP Request Smuggling. The issue affects Ktor's HTTP handling prior to 3.1.1. Remediation: upgrade to 3.1.1 or newer (per Nessus/Snyk analyses and vendor advisories).
IBM Control Center Input Validation Error Vulnerability (CNVD-2025-06654)
IBM Control Center is a centralized monitoring and management system from International Business Machines (IBM). An input validation error vulnerability exists in IBM Control Center versions 6.2.1 through 6.3.1, which stems from improper user input validation, and can be exploited by an attacker to...
PT-2025-11038
Name of the Vulnerable Software and Affected Versions: JetBrains Ktor versions prior to 3.1.1. Description: The issue allows for HTTP Request Smuggling. Recommendations: For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue...
Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Netezza nz-linux-amd64 0.7.1
Summary: IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2021-29923 DESCRIPTION: Golang Go could allow a...
PT-2025-11679 · Openresty +1 · Lua-Nginx-Module +2
Name of the Vulnerable Software and Affected Versions: OpenResty/lua-nginx-module, affected versions not specified. Description: The issue concerns HTTP Request Smuggling in HEAD requests. When handling HTTP/1.1 requests, the lua-nginx-module incorrectly parses HEAD requests with a body, treating t...
Advisory ROSA-SA-2025-2767
Software: libsoup 2.62.3 OS: ROSA Virtualization 3.0 packageevrstring: libsoup-2.62.3-7.rv30 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An HTTP request smuggling vulnerability in GNOME libsoup allows an attacker to trick the server by injecting the '\0' character into request...
Advisory ROSA-SA-2025-2764
Software: libsoup 2.62.3 OS: ROSA Virtualization 2.1 packageevrstring: libsoup-2.62.3-7.rv3 CVE-ID: CVE-2024-52530 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: An HTTP request smuggling vulnerability in GNOME libsoup allows an attacker to trick the server by injecting the '\0' character into request...
Medium: php8.2
Issue Overview: The upstream advisory describes this issue as follows: A memory-related vulnerability in PHP's filter handling system, particularly when processing input with convert.quoted-printable-decode filters, leads to a segmentation fault. This vulnerability is triggered through specific...
Linux Distros Unpatched Vulnerability : CVE-2024-52530
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\0' characters at the end of header names are ignored, i.e., a...
Linux Distros Unpatched Vulnerability : CVE-2024-53008
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent interpretation of HTTP requests 'HTTP Request/Response Smuggling' issue exists in HAProxy. If this vulnerability is exploited, a remote attacker ma...
CVE-2025-1867
Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in ithewei libhv allows HTTP Response Smuggling. This issue affects libhv: through 1.3.3...
Linux Distros Unpatched Vulnerability : CVE-2024-21647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer...
Linux Distros Unpatched Vulnerability : CVE-2022-1705
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined...