DEBIAN-CVE-2026-48688

FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MPREACHNLRI IPv6 attribute decoder. The function decodempreachipv6 in src/bgpprotocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after...

Moderate: Red Hat Security Advisory: freerdp security update

An update for freerdp is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

CVE-2026-48688

FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MPREACHNLRI IPv6 attribute decoder. The function decodempreachipv6 in src/bgpprotocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after...

RHEL 10 : freerdp (RHSA-2026:20605)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20605 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

Vanetza 安全漏洞

Vanetza is an open-source implementation of a vehicle communication protocol suite developed by Raphael Riebl. Versions of Vanetza prior to 26.02 contained security vulnerabilities. These vulnerabilities stemmed from the ASN.1 decoder accepting V2X messages that are syntactically valid but...

CVE-2026-48688

FastNetMon Community Edition up to 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder (decode_mp_reach_ipv6 in src/bgp_protocol.cpp). The description notes a TODO to add sanity checks to avoid reads after the attribute memory block, and that the function c...

EUVD-2026-31844

FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MPREACHNLRI IPv6 attribute decoder. The function decodempreachipv6 in src/bgpprotocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after...

CVE-2026-9365

A flaw was found in Ettercap. A remote attacker could exploit a heap-based buffer overflow vulnerability in the GG Dissector component by manipulating the gg argument within the FUNCDECODER function. This could lead to information disclosure, integrity impact, and availability impact. The attack...

CLSA-2026-1779694248 mpg123: Fix of CVE-2024-10573

CVE-2024-10573: Out-of-bounds write during PCM decoding of crafted streams could lead to heap corruption and potential arbitrary code execution; decode the MPEG header into a temporary copy that is only applied to the live handle after the frame body is validated upstream svn-r5442, main fix, and...

Linux Distros Unpatched Vulnerability : CVE-2026-46597

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs. CVE-2026-46597 Note that Nessu...

EUVD-2026-31576

A vulnerability has been found in Ettercap up to 0.8.3. The affected element is the function FUNCDECODER of the file src/dissectors/ecgg.c of the component GG Dissector. The manipulation of the argument gg leads to heap-based buffer overflow. The attack is possible to be carried out remotely. The...

Ettercap 安全漏洞

Ettercap is an open-source suite designed to protect against man-in-the-middle attacks. It features sniffing of real-time connections and dynamic content filtering. Versions of Ettercap prior to 0.8.3 contained security vulnerabilities. These vulnerabilities stemmed from improper parameter handli...

SUSE CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

CLSA-2026-1779466465 rsync: Fix of CVE-2026-43618

CVE-2026-43618: fix integer overflow in compressed-token decoder allowing remote memory disclosure via crafted compressed stream...

CLSA-2026-1779455173 Fix CVE(s): CVE-2026-43618

SECURITY UPDATE: integer overflow in compressed-token decoder allows memory disclosure to a malicious sender - debian/patches/CVE-2026-43618.patch: cap rxtoken at MAXTOKENINDEX and add overflow checks in recvcompressedtokennum/run; add CHUNKSIZE bound check in simplerecvtoken; initialize data=NUL...

CLSA-2026-1779438231 rsync: Fix of CVE-2026-43618

CVE-2026-43618: fix integer overflow in compressed-token decoder allowing memory disclosure via crafted compressed stream...

Incorrect Type Conversion or Cast

Overview github.com/golang/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to an incorrectly placed cast from bytes to int in the AES-GCM packet decoder process. An attacker can cause a server-side panic by sending...

Incorrect Type Conversion or Cast

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to an incorrectly placed cast from bytes to int in the AES-GCM packet decoder process. An attacker can cause a server-side panic by sending special...

CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...