CVE-2026-28369 Undertow: undertow: request smuggling via malformed http request headers

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

Undertow 环境问题漏洞

Undertow is a web server provided by the Undertow company in the United States. Undertow has a security vulnerability that stems from its failure to follow standards when processing HTTP request headers starting with spaces. This vulnerability may allow remote attackers to execute request payload...

GO-2026-4835 NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing in github.com/nats-io/nats-server

NATS Server: Incomplete Stripping of Nats-Request-Info Header Allows Identity Spoofing in github.com/nats-io/nats-server...

RDMA/siw: Fix potential NULL pointer dereference in header processing

...

SUSE CVE-2026-23242

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siwgethdr returns -EINVAL before setrxfpducontext, qp-rxfpdu can be NULL. The error path in siwtcprxdata dereferences qp-rxfpdu-moreddpsegs without checking...

EUVD-2026-12801

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siwgethdr returns -EINVAL before setrxfpducontext, qp-rxfpdu can be NULL. The error path in siwtcprxdata dereferences qp-rxfpdu-moreddpsegs without checking...

CVE-2026-23242

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siwgethdr returns -EINVAL before setrxfpducontext, qp-rxfpdu can be NULL. The error path in siwtcprxdata dereferences qp-rxfpdu-moreddpsegs without checking...

CVE-2026-23242

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siwgethdr returns -EINVAL before setrxfpducontext, qp-rxfpdu can be NULL. The error path in siwtcprxdata dereferences qp-rxfpdu-moreddpsegs without checking...

UBUNTU-CVE-2026-23242

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siwgethdr returns -EINVAL before setrxfpducontext, qp-rxfpdu can be NULL. The error path in siwtcprxdata dereferences qp-rxfpdu-moreddpsegs without checking...

CVE-2026-23242

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siwgethdr returns -EINVAL before setrxfpducontext, qp-rxfpdu can be NULL. The error path in siwtcprxdata dereferences qp-rxfpdu-moreddpsegs without checking...

CVE-2026-23242 RDMA/siw: Fix potential NULL pointer dereference in header processing

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siwgethdr returns -EINVAL before setrxfpducontext, qp-rxfpdu can be NULL. The error path in siwtcprxdata dereferences qp-rxfpdu-moreddpsegs without checking...

CVE-2026-23242

CVE-2026-23242 affects the Linux kernel RDMA/siw header processing: siw_tcp_rx_data may dereference a NULL qp->rx_fpdu if siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(). The fix adds a NULL check for rx_fpdu before accessing more_ddp_segs, preventing the NULL pointer dereference. P...

CVE-2026-23242 RDMA/siw: Fix potential NULL pointer dereference in header processing

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siwgethdr returns -EINVAL before setrxfpducontext, qp-rxfpdu can be NULL. The error path in siwtcprxdata dereferences qp-rxfpdu-moreddpsegs without checking...

CVE-2026-23242

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siwgethdr returns -EINVAL before setrxfpducontext, qp-rxfpdu can be NULL. The error path in siwtcprxdata dereferences qp-rxfpdu-moreddpsegs without checking...

Linux Distros Unpatched Vulnerability : CVE-2026-23242

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/siw: Fix potential NULL pointer dereference in header processing If siwgethdr returns -EINVAL before setrxfpducontext, qp-rxfpdu can be NULL. The error pat...

Arbitrary Code Injection

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

Arbitrary Code Injection

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection in PostScript header processing. An attacker can execute malicious code by submitting a file that is processed by a printer or viewer. Workaround This vulnerability can be mitigated by disabling the PostScript P...

Arbitrary Code Injection

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

OPENSUSE-SU-2026:20204-1 Security update for python-aiohttp, python-Brotli

This update for python-aiohttp, python-Brotli fixes the following issues: Changes in python-aiohttp: - CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. - CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. - CVE-2025-69224: Fixed...