Security update for openCryptoki

This update for openCryptoki fixes the following issues: CVE-2026-40253: updated fix by IBM for malformed BER-encoded cryptographic objects bsc1263819 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2026:1723-1 Security update for openCryptoki

This update for openCryptoki fixes the following issues: - CVE-2026-40253: updated fix by IBM for malformed BER-encoded cryptographic objects bsc1263819...

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVE-2026-40562

Gazelle for Perl (versions up to 0.49) is affected by HTTP Request Smuggling due to improper header precedence: Content-Length is prioritized over Transfer-Encoding: chunked when both headers are present, contravening RFC 7230 section 3.3.3. This can enable smuggling of requests via a front-end r...

CVE-2026-40562 Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVE-2026-40562

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An...

CVE-2026-43243

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add signal type check for dcn401 getphyd32clksrc Trying to access link enc on a dpia link will cause a crash otherwise...

CVE-2026-43233

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: fix OOB read in decodechoice In decodechoice, the boundary check before getlen uses the variable len, which is still 0 from its initialization at the top of the function: unsigned int type, ext, len = ...

PT-2026-37626

Name of the Vulnerable Software and Affected Versions Gazelle versions prior to 0.50 Description Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request,...

PT-2026-37573

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An out-of-bounds read exists in the decode choice function within the nf conntrack h323 helper of the netfilter component. The issue occurs because the boundary check before calling get...

ROS-20260506-73-0036

Vulnerability in tomcat11 related to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

A Novel Byte-Level Flow-To-Image Encoding Method for Network Intrusion Detection Systems

Network-based Intrusion Detection Systems IDS are predominantly trained on tabular flow records, whose one-dimensional representations limit convolutional architectures from exploiting inter-feature spatial correlations. This paper presents a novel byte-level flow-to-image encoding method that...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the absence of data entries on the SM8750 platform. This vulnerability may lead to failed...

ROS-20260506-73-0034

Vulnerability in tomcat due to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

PINSIGHT: A Comprehensive Threat Exploration of Domain-Adaptive Wi-Fi Based PIN Code Inference

Wi-Fi signals can be exploited by adversaries as a sensing side channel to eavesdrop on physical information. By monitoring propagation effects of radio waves within the victim's environment, attackers can remotely infer sensitive information. One particularly concerning example is PIN code...

ROS-20260506-73-0035

Vulnerability in tomcat10 related to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the User-Agent header being logged and later rendered in the admin event log interface without proper output encoding. An attacker can execute arbitrary JavaScript in an administrator's browser by submitting...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper handling of resource path matching and authorization checks. An attacker can gain unauthorized access to protected resources or perform unauthorized actions by crafting requests that exploit...

S3-Proxy has Security Issues in its Resource Path Matching Implementation

Background The original concern is functional: a resource pattern should treat a percent-encoded segment like some%2Fvalue as a single opaque token rather than splitting it into two path segments at the decoded /. Investigation into why %2F was being decoded and how routes matched against the...

GHSA-V8H7-RR48-VMMV Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection

Summary Netty allows request-line validation to be bypassed when a DefaultHttpRequest or DefaultFullHttpRequest is created first and its URI is later changed via setUri. The constructors reject CRLF and whitespace characters that would break the start-line, but setUri does not apply the same...