CVE-2026-10871 Shibby Tomato Web UI rc start_6rd_tunnel os command injection

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start6rdtunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv66rdborderrelay leads to os command injection. It is possible to launch the attack remotely. The...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : FRR vulnerabilities (USN-8376-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8376-1 advisory. It was discovered that FRR incorrectly handled certain OSPF Traffic Engineering and Segment Routing TLVs. An attacker cou...

Integer Underflow (Wrap or Wraparound)

Overview Affected versions of this package are vulnerable to Integer Underflow Wrap or Wraparound in the DecodeFromBytes function. An attacker can trigger a nil pointer dereference and panic by supplying a malicious BGP UPDATE message with a declared section length shorter than the actual data...

DEBIAN-CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

USN-8376-1: FRR vulnerabilities

It was discovered that FRR incorrectly handled certain OSPF Traffic Engineering and Segment Routing TLVs. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. CVE-2026-28532 It was discovered that FRR incorrectly handled certain BGP FlowSpec component...

USN-8376-1 frr vulnerabilities

It was discovered that FRR incorrectly handled certain OSPF Traffic Engineering and Segment Routing TLVs. An attacker could possibly use this issue to cause FRR to crash, resulting in a denial of service. CVE-2026-28532 It was discovered that FRR incorrectly handled certain BGP FlowSpec component...

USN-8348-1: GoBGP vulnerabilities

It was discovered that GoBGP incorrectly handled certain specially crafted BGP UPDATE messages. A remote attacker could possibly use this issue to cause GoBGP to crash, resulting in a denial of service. CVE-2026-37461 Yanlei Wang discovered that GoBGP incorrectly handled certain malformed BGP...

FRRouting 安全漏洞

FRouting is an open-source network routing software suite that runs on Unix-like platforms. Versions of FRRouting from stable/10.0 to stable/10.6 have security vulnerabilities. These vulnerabilities stem from the lack of input validation in the rfapiRibBi2Ri function, which could allow attackers ...

CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

PT-2026-45939

Missing input validation in the rfapiRibBi2Ri function rfapi rib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

CVE-2026-37462

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

EUVD-2026-34083

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

EUVD-2026-34101

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

PT-2026-45955

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

CVE-2026-37462

An integer underflow in the BGPUpdate.DecodeFromBytes function /bgp/bgp.go of gobgp v4.3.0 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

CVE-2026-37460

CVE-2026-37460 affects FRRouting (FRR) stable/10.0–10.6. The issue is in the rfapiRibBi2Ri() function (rfapi_rib.c) where missing input validation can be triggered by a crafted BGP UPDATE message, leading to Denial of Service. Connected sources consistently describe the same flaw and affected ran...

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP ASPATH mask matching implementation in nest/a-path.c. The aspathmatch function uses a fixed-size stack array of 2048 + 1 pmpos entries, while parsepath expands ASPATH segments from a received BGP...

BIRD 安全漏洞

BIRD is a full-featured dynamic IP routing daemon developed by BIRD OpenSource. Versions of BIRD prior to 2.19.0 contained security vulnerabilities; these vulnerabilities stemmed from stack buffer overflows in the BGP ASPATH mask matching implementation, which could potentially cause the daemon t...