CVE-2026-31685

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...

CLSA-2026-1776878817 squid: Fix of 13 CVEs

CVE-2018-1000027: fix NULL pointer dereference in clientFollowXForwardedForCheck for transactions without a client connection - CVE-2018-19131: fix XSS via X.509 certificate fields rendered unescaped in SSL error pages - CVE-2019-12520: prevent cache poisoning by suppressing URL userinfo from...

EUVD-2026-25652

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...

CVE-2026-31685

The connected Red Hat/SUSE/NVD entries confirm CVE-2026-31685 affects the Linux kernel netfilter component ip6t_eui64. The root cause is that eui64_mt6() derives a modified EUI-64 from the Ethernet source and compares it with the IPv6 low 64 bits, but the existing guard only rejects an invalid MA...

CVE-2026-31685

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...

CVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packets

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...

CVE-2026-31685

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...

CVE-2026-31684

The CVE-2026-31684 issue is in the Linux kernel’s net/sched pathology (act_csum) where tcf_csum_act() reads nested VLAN headers directly from skb->data if the payload contains VLAN tags, and may read VLAN_HLEN bytes before guaranteeing the full header is present. The root cause is that the cod...

EUVD-2026-25651

In the Linux kernel, the following vulnerability has been resolved: net: sched: actcsum: validate nested VLAN headers tcfcsumact walks nested VLAN headers directly from skb-data when an skb still carries in-payload VLAN tags. The current code reads vlan-hvlanencapsulatedproto and then pulls...

EUVD-2026-25649

In the Linux kernel, the following vulnerability has been resolved: bridge: brndsend: linearize skb before parsing ND options brndsend parses neighbour discovery options from ns-opt and assumes that these options are in the linear part of request. Its callers only guarantee that the ICMPv6 header...

OESA-2026-2117 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

OESA-2026-2116 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

[SECURITY] Fedora 44 Update: nginx-mod-headers-more-0.39-7.fc44

This module allows adding, setting, or clearing specified input/output header s. This is an enhanced version of the standard headers module because it provides more utilities like resetting or clearing "builtin headers" like Content-Type, Content-Length, and Server...

Envoy Proxy 注入漏洞

Envoy Proxy is an open-source cloud-native high-performance edge/intermediate/service proxy. Versions of Envoy Proxy prior to 1.33.0 have a injection vulnerability, which stems from a function in the Query Parameter Handler component’s file...

Linux Distros Unpatched Vulnerability : CVE-2026-31684

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: sched: actcsum: validate nested VLAN headers tcfcsumact walks nested VLAN headers directly from skb-data when an skb still carries in-payload VLAN tags. Th...

PT-2026-35144

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the tcf csum act function where nested VLAN headers are processed directly from skb-data when a socket buffer still contains in-payload VLAN tags. The system reads vlan-...

PT-2026-35167

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header mutation/header mutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patc...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in the validation conditions for the MAC header in ip6teui64. This vulnerability may all...

PT-2026-35145

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter component where the eui64 mt6 function derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source...

Linux Distros Unpatched Vulnerability : CVE-2026-31685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low...