
17 matches found

NVD
added 2026/05/01 3:16 p.m. | 1 view

CVE-2026-31752

In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: validate ND option lengths br_nd_send walks ND options according to option-provided lengths. A malformed option can make the parser advance beyond the computed option span or use a too-short source LLADDR option...

CVSS 5.5 | EPSS 0.00015
Exploits 0 | References 8

Positive Technologies
added 2026/01/21 12:0 a.m. | 2 views

PT-2026-3863

Name of the Vulnerable Software and Affected Versions 5ire versions prior to 0.15.3 Description 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, unsafe HTML rendering allows untrusted HTML, including on event attributes...

CVSS 9.6 | AI score 5.9 | EPSS 0.00623
Exploits 1 | References 10

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-25898

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.5 | EPSS 0.01488
Exploits 1 | References 2

Microsoft CVE
added 2025/09/04 12:44 a.m. | 1 view

net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.

...

CVSS 5.5 | AI score 7.4 | EPSS 0.00024
Exploits 0

RedhatCVE
added 2025/08/30 6:21 p.m. | 2 views

CVE-2025-50989

OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint interfaces_bridge_edit.php. The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitra...

CVSS 9.1 | AI score 8.6 | EPSS 0.01488
Exploits 1 | References 1

OSV
added 2025/08/27 3:15 p.m. | 1 view

CVE-2025-50989

OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint interfaces_bridge_edit.php. The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitra...

CVSS 9.1 | AI score 8.7
Exploits 0 | References 2

NVD
added 2025/08/27 3:15 p.m. | 3 views

CVE-2025-50989

OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint interfaces_bridge_edit.php. The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitra...

CVSS 9.1 | EPSS 0.01488
Exploits 1 | References 2

CNNVD
added 2025/08/27 12:0 a.m. | 3 views

Deciso OPNsense operating system command injection vulnerability

Deciso OPNsense is a suite of FreeBSD-based open source firewall and routing software from Dutch company Deciso. An operating system command injection vulnerability exists in Deciso OPNsense version 25.1, which stems from improper handling of the span parameter in the Bridge Interface Edit...

CVSS 9.1 | AI score 7.2 | EPSS 0.01488
Exploits 1 | References 3

Vulnrichment
added 2025/08/27 12:0 a.m. | 2 views

CVE-2025-50989

OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint interfaces_bridge_edit.php. The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitra...

CVSS 9.1 | AI score 8.2 | EPSS 0.01488
Exploits 1 | References 2

OSV
added 2025/04/16 3:16 p.m. | 3 views

AZL-69602 CVE-2025-22111 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to dev_ioctl first and later forwarded to br_ioctl_call, which causes unnecessary RTNL dance and the splat below 0 under RTNL pressure. Let's say Thread A...

CVSS 5.5 | AI score 5.6 | EPSS 0.00024
Exploits 0 | References 1

ATTACKERKB
added 2025/04/16 3:16 p.m. | 4 views

CVE-2025-22111

In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to dev_ioctl first and later forwarded to br_ioctl_call, which causes unnecessary RTNL dance and the splat below 0 under RTNL pressure. Let's say Thread A...

CVSS 5.5 | AI score 6.5 | EPSS 0.00024
Exploits 0 | References 7 | Affected Software 1

OSV
added 2025/04/16 3:16 p.m. | 5 views

DEBIAN-CVE-2025-22111

In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to dev_ioctl first and later forwarded to br_ioctl_call, which causes unnecessary RTNL dance and the splat below 0 under RTNL pressure. Let's say Thread A...

CVSS 5.5 | AI score 5.4 | EPSS 0.00024
Exploits 0 | References 1

RedHat Linux
added 2024/08/28 12:34 p.m. | 1 view

kernel: net: bridge: xmit: make sure we have at least eth header len bytes

A vulnerability was found in the Linux kernel in the net: bridge component, where the xmit function in the bridge device could trigger an uninitialized value error if a short skb less than the required ETH_HLEN bytes is sent. This condition could cause unexpected behavior due to insufficient check...

CVSS 7.1 | AI score 6.6 | EPSS 0.00007
Exploits 0 | References 5

OSV
added 2019/11/14 12:14 a.m. | 0 views

USN-4191-1 qemu vulnerabilities

It was discovered that the LSI SCSI adapter emulator implementation in QEMU did not properly validate executed scripts. A local attacker could use this to cause a denial of service. CVE-2019-12068 Sergej Schumilo, Cornelius Aschermann and Simon Wörner discovered that the qxl paravirtual graphics...

CVSS 8.8 | AI score 7.3 | EPSS 0.06468
Exploits 4 | References 6

Cisco
added 2017/02/15 4:0 p.m. | 25 views

Cisco Meeting Server HTTP Packet Processing Vulnerability

A vulnerability in the Web Bridge interface of the Cisco Meeting Server CMS, formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information. In addition, the attacker could potentially...

CVSS 5.4 | AI score 8 | EPSS 0.00786
Exploits 0 | References 1

Tenable Nessus
added 2012/08/01 12:0 a.m. | 47 views

Scientific Linux Security Update : kernel on SL5.x i386/x86_64

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security fixes : - The maximum file offset handling for ext4 file systems could allow a local, unprivileged user to cause a denial of service. CVE-2011-2695, Important - IPv6 fragment identification value...

CVSS 9.1 | AI score 7.3 | EPSS 0.04324
Exploits 14 | References 16

RedHat Linux
added 2011/10/20 5:20 p.m. | 2 views

kernel: bridge: null pointer dereference in __br_deliver

A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging...

CVSS 6.8 | AI score 6 | EPSS 0.00319
Exploits 0 | References 4