SUSE CVE-2026-7734

A vulnerability has been found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefixsid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. The attack may be performed from...

OESA-2026-2228 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of...

EUVD-2026-28801

Zebra has Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning...

CVE-2026-42285 GoBGP: Panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference)

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP peer can trigger a fatal panic in GoBGP by sending a specially crafted BGP UPDATE message. When the server receives a message with inconsistent...

CVE-2026-41642

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

CVE-2026-41642 GoBGP: Remote Denial of Service (Panic) via Malformed Well-known Path Attribute

GoBGP is an open source Border Gateway Protocol BGP implementation in the Go Programming Language. In version 4.3.0, a remote Denial of Service DoS vulnerability exists in GoBGP due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ParseBody function of the BMP parser. An attacker can cause a denial of service by sending specially crafted BMP messages that trigger an out-of-bounds read. Remediation Upgrade...

CVE-2026-7737

CVE-2026-7737 affects osrg GoBGP up to 4.3.0. The vulnerability lies in the BMP parser, specifically BMPPeerUpNotification.ParseBody and BMPStatisticsReport.ParseBody in pkg/packet/bmp/bmp.go, where input manipulation leads to an out-of-bounds read. The issue is exploitable remotely. A fix is pub...

CVE-2026-7735 osrg GoBGP AIGP Attribute bgp.go PathAttributeAigp.DecodeFromBytes buffer overflow

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

CVE-2026-7734

The CVE-2026-7734 affects osrg GoBGP up to 4.3.0, specifically the SRv6 L3 Service component’s DecodeFromBytes function in pkg/packet/bgp/prefix_sid.go. The issue allows remote manipulation of input data to trigger a denial of service. A fix is available in GoBGP v4.4.0, with the patch identified...

CVE-2026-5403 Heap-based Buffer Overflow in Wireshark

SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution...

CVE-2026-5656

CVE-2026-5656 affects Wireshark profiles import in Wireshark 4.6.0–4.6.4 and 4.4.0–4.4.14, due to improper restriction of a pathname to a restricted directory (path traversal). The issue can lead to denial of service and possible code execution. CVSS v3.1: AV Local, AC High, PR None, UI Required,...

UBUNTU-CVE-2026-6524

MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

UBUNTU-CVE-2026-6529

iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

UBUNTU-CVE-2026-6532

Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

EUVD-2026-26324

AMR-NB codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the CapFQDN.DecodeFromBytes function of the BGP OPEN Message Handler. An attacker can bypass intended access controls by manipulating the domainNameLen argument remotely, potentially resulting in...

CVE-2025-59706

In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution...

PT-2026-27779

Name of the Vulnerable Software and Affected Versions N2W versions prior to 4.3.2 N2W version 4.4.0 Description Improper validation of API request parameters can allow for remote code execution. Recommendations Update N2W to a version newer than 4.3.2. Update N2W to a version newer than 4.4.0...

CVE-2025-32991

In N2WS Backup & Recovery before 4.4.0, a two-step attack against the RESTful API results in remote code execution...