3391 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15, and Linux 6.1
A “use-after-free” vulnerability in the Linux kernel’s ipv4:igmp component can be exploited to achieve local privilege escalation. A race condition can also be exploited, causing a timer to be mistakenly registered on a RCU read-locked object that is then freed by another thread. We recommend...
Astra Linux – Vulnerability in Python 3.11, Python 3.7
The “ipaddress” module contained incorrect information regarding whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the isprivate and isglobal properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/ip6tunnel: Prevents perpetual tunnel growth. Similar to the ipv4tunnel case, the ipv6 version also updates dev-neededheadroom. While the growth of tunnel headroom adjustment in commit 5ae1e9922bbd “net: iptunnel: prevent...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: vxlan: Prevent NULL dereferencing in vxlanxmitone. Neither sock4 nor sock6 pointers are guaranteed to be non-NULL in vxlanxmitone, especially if the iface is disabled. This can lead to the following NULL dereferences: -...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ipv4: Check for a NULL idev in iprouteusehint. The syzbot was able to trigger a NULL deref in fibvalidatesource in an old tree 1. It appears that this bug still exists in the latest trees. All calls to indevgetrcu must be...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: ipv4: fixed a issue where deleting routes with a nexthop object triggered a warning. The FRR team encountered a kernel warning1 while deleting routes2. This issue occurred when attempting to delete a route that pointed to...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: fixed a use-after-free in twtimerhandler A real-world panic issue was discovered in Linux 5.4. The details of the issue are as follows: - Bug: Unable to handle a page fault for the address: ffffde49a863de28 - Memory layout:...
Crawl4AI: SSRF filter bypass in Docker server via IPv6 transition forms (NAT64 / 6to4 / unspecified / v4-mapped)
Summary The Docker API server's SSRF protection validatewebhookurl / validateurldestination in deploy/docker/utils.py used an explicit IPv4/IPv6 CIDR blocklist that missed several address families. An attacker could reach internal services and cloud metadata endpoints e.g. 169.254.169.254 despite...
CVE-2026-47684
Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses e.g. ::ffff:127.0.0.1, allowing SSRF protection to be bypassed ...
CVE-2026-10639
In Zephyr's native IPv4 stack, icmpv4handleechorequest in subsys/net/ip/icmpv4.c builds an echo-reply packet reply, hands it to nettrysenddata, and then, on success, calls netstatsupdateicmpsentnetpktifacereply. nettrysenddata transfers ownership of reply to the TX path netiftryqueuetx - netiftx ...
CVE-2026-47684
CVE-2026-47684 — Sync-in Server SSRF bypass (IPv4-mapped IPv6 addresses) Affected product: Sync-in Server (file storage/sharing/collaboration). Vulnerability: The private IP blocklist regex (regExpPrivateIP) used in the URL download feature does not match IPv4-mapped IPv6 addresses (e.g., ::ffff:...
CVE-2026-10639
Summary: Zephyr’s native IPv4 icmpv4_handle_echo_request() can perform a use-after-free when updating per-interface statistics after sending an ICMP echo reply. The code hands the echo-reply to the TX path, which may drop the packet and free the net_pkt before the post-send stats update runs. As ...
PT-2026-50165
Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.8 Description The Docker API server contains a Server-Side Request Forgery SSRF flaw where the protection mechanisms in the validate webhook url and validate url destination functions used an incomplete IPv4/IPv6...
PT-2026-50129
Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be bypassed by encoding the metadata IP in an IPv6 transition form that the previous fix, CVE-2026-46678...
GHSA-38CX-CQ6F-5755 Symfony: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient
Description Symfony\Component\HttpClient\NoPrivateNetworkHttpClient is documented as a decorator that blocks requests to private networks by default. The list of blocked subnets Symfony\Component\HttpFoundation\IpUtils::PRIVATESUBNETS on 6.4+, a private constant in NoPrivateNetworkHttpClient on 5...
PT-2026-49337
Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...
kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach()
A flaw was found in the Linux kernel's IPv6 ICMP error generation. A remote attacker could send a specially crafted IPv4 ICMP error packet with a Common Internet Protocol Security Option CIPSO IP option. This could lead to incorrect handling of packet control block data when generating an IPv6 IC...
DEBIAN-CVE-2026-44492
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe...
CVE-2026-44492
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe...
CVE-2026-44492 Axios: shouldBypassProxy does not recognize IPv4-mapped IPv6 addresses, allowing NO_PROXY bypass (incomplete fix for CVE-2025-62718)
Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe...