CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: tcpmetrics: validate source addr length I don’t see any checks to ensure that TCPMETRICSATTRSADDRIPV4 is at least 4 bytes long. Also, the policy does not have any entries for this attribute at all similarly, there are no entries...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021629)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021629 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general...

[SECURITY] Fedora 43 Update: perl-Net-CIDR-Lite-0.24-1.fc43

Faster alternative to Net::CIDR when merging a large number of CIDR address ranges. Works for IPv4 and IPv6 addresses...

[SECURITY] Fedora 44 Update: perl-Net-CIDR-Lite-0.24-1.fc44

Faster alternative to Net::CIDR when merging a large number of CIDR address ranges. Works for IPv4 and IPv6 addresses...

CVE-2026-8369 Improper Input Validation in OpenThread NAT64 Translator

Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options...

CVE-2026-8369 Improper Input Validation in OpenThread NAT64 Translator

Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject corrupted IPv6 packets into the Thread mesh or bypass security checks via crafted IPv4 packets with options...

CVE-2025-40833

The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual restart is required to recover the system...

PT-2026-39978

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A null pointer dereference occurs during the processing of specially crafted IPv4 requests. This issue allows an attacker to trigger a denial of service conditio...

CVE-2026-43099

A flaw was found in the Linux kernel, specifically within the IPv4 Internet Protocol version 4 and ICMP Internet Control Message Protocol components. When the IPv6 Internet Protocol version 6 stack is not active, a specific function ipv6devfind can return an error. If this error is then passed to...

RHCOS 4 : OpenShift Container Platform 4.13.48 (RHSA-2024:5446)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5446 advisory. - golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 -...

RHCOS 4 : OpenShift Container Platform 4.12.63 (RHSA-2024:5202)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5202 advisory. - golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 -...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: ipvlan: Ensure that the network headers are in the skb linear part. syzbot found that ipvlanprocessv6outbound assumes that the IPv6 network header isis present in skb-head 1. Add the necessary pskbnetworkmaypull calls for both...

EUVD-2026-26636

In the Linux kernel, the following vulnerability has been resolved: ip6tunnel: clear skb2-cb in ip4ip6err Oskar Kjos reported the following problem. ip4ip6err calls icmpsend on a cloned skb whose cb was written by the IPv6 receive path as struct inet6skbparm. icmpsend passes IPCBskb2 to...

Linux kernel 缓冲区错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a buffer error vulnerability that stems from the ip4ip6err function failing to clear the cb array of skb2, which results in the IPv6 cb structure...

[SECURITY] Fedora 43 Update: perl-Net-CIDR-Lite-0.23-1.fc43

Faster alternative to Net::CIDR when merging a large number of CIDR address ranges. Works for IPv4 and IPv6 addresses...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013056)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013056 advisory. In the Linux kernel, the following vulnerability has been resolved: net/ip6tunnel: Prevent perpetual tunnel growth Similarly to ipv4 tunnel, ipv6 version updates...

[SECURITY] Fedora 42 Update: kea-3.0.3-1.fc42

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...

GHSA-XPCF-PG52-R92G Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

Summary ipRestriction does not canonicalize IPv4-mapped IPv6 client addresses e.g. ::ffff:127.0.0.1 before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause IPv4 rules to fail to match, leading to unintended authorization behavior. Details The middlewar...

Hono has incorrect IP matching in ipRestriction() for IPv4-mapped IPv6 addresses

Summary ipRestriction does not canonicalize IPv4-mapped IPv6 client addresses e.g. ::ffff:127.0.0.1 before applying IPv4 allow or deny rules. In environments such as Node.js dual-stack, this can cause IPv4 rules to fail to match, leading to unintended authorization behavior. Details The middlewar...