Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart [CVE-2026-28356]

Summary IBM Watson Speech Services Cartridge is vulnerable to exponential backtracking in multipart due to the parseoptionsheader function in multipart.py, that uses a regular expression with an ambiguous alternation, which can cause exponential backtracking ReDoS when parsing maliciously crafted...

SUSE-SU-2026:21741-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267...

SUSE-SU-2026:21728-1 Security update for python-urllib3

This update for python-urllib3 fixes the following issue - CVE-2026-44431: sensitive information disclosure due to sensitive headers being forwarded across origins in proxied low-level redirects bsc1265267...

PT-2026-42669

Name of the Vulnerable Software and Affected Versions Nimiq versions prior to 1.4.0 Description A logic flaw in the is block proven function within BlockInclusionProof allows the function to return true without performing cryptographic verification when get interlink hops returns an empty hop lis...

Netatalk 缓冲区错误漏洞

Netatalk is an open-source software developed by Netatalk. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 2.1.0 to 4.4.2 of Netatalk contain a buffer error vulnerability. This vulnerability stems from excessive heap reading during t...

Apache Camel: Camel-Mail: Camel-Mail: Altered application behavior via header injection

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...

Malicious code in @signetai/signet-memory-openclaw (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b16e55a5379336a0ab822ee9fe70b20023e452595f41cfe2624464aadb73d390 On plugin load, register invokes installFetchSanitizer dist/index.js:14420-14463 which monkey-patches globalThis.fetch. For requests to...

Improper Validation of Unsafe Equivalence in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the CXF-RS or CXF-SOAP endpoints due to missing inbound filtering via setInFilterStartsWith. An attacker can execute arbitrary code and write files by injecting Camel-internal header...

Astra Linux - уязвимость в binutils

A NULL pointer dereference was discovered in elflinkaddobjectsymbols in elflink.c within the Binary File Descriptor BFD library also known as libbfd, as part of the GNU Binutils 2.31.1. This issue occurs with a specially crafted ETDYN file that lacks program headers. A specially crafted ELF file...

Astra Linux - уязвимость в linux, linux-5.10

Guests can trigger the reset/abort/crash of the NIC interface through netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux-based network backend by sending certain types of packets. It seems to be an unstated assumption in the rest of the Linux network stack...

Astra Linux - уязвимость в tar

In the sparse.c file of GNU Tar, before version 1.32, there was a NULL pointer dereferencing issue when parsing certain archives that contained malformed extended headers...

Astra Linux - уязвимость в golang-golang-x-net, golang-1.19

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request’s headers exceed MaxHeaderBytes, no...

Astra Linux - уязвимость в python2.7, pypy

In Lib/tarfile.py in Python 3.8.3, an attacker can create a TAR archive that causes an infinite loop when opened using tarfile.open, due to the lack of header validation in procpax...

Astra Linux - уязвимость в golang-1.19, golang-1.23

Proxy-Authorization and Proxy-Authenticate headers remain after cross-origin redirections, potentially exposing sensitive information...

Astra Linux - уязвимость в python-django

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of the Accept-Language header are cached in order to avoid repeated parsing. This can lead to a potential denial-of-service vulnerability due to excessive memory usage if the raw value of the Accept-Language...

Astra Linux - уязвимость в apache2

HTTP/2 incoming headers that exceed the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client continues to send headers, this can lead to memory exhaustion...

Astra Linux - уязвимость в binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in the GNU Binutils through version 2.31. There is a heap-based buffer overflow in the bfdelf32swapphdrin function in elfcode.h, because the number of program headers is not restricted...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec – Fix for memory leak in the elf header buffer This issue was reported by the kmemleak detector: Unreferenced object: 0xff2000000403d000 size 4096 Command: “kexec”, PID: 146, Jiffies: 4294900633 age: 64.792 seconds...

Astra Linux - уязвимость в gunicorn

Gunicorn fails to properly validate Transfer-Encoding headers, resulting in HTTP Request Smuggling HRS vulnerabilities. By creating requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue arises due to Gunicorn’s...

Astra Linux - уязвимость в ruby-rack

Rack is a modular Ruby web server interface. Carefully crafted headers may cause header parsing in Rack to take longer than expected, potentially leading to a denial-of-service issue. The Accept and Forwarded headers are affected. Ruby 3.2 includes fixes for this problem, so Rack applications tha...