87 matches found
SUSE CVE-2026-46260
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...
EUVD-2026-34122
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ipv6 module’s failure to check iter-nh when using RTANHID in the fib6addrt2node function. As ...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: ipv4: Handled attempts to delete multipath routes when fibinfo contains a reference to nh. Gwangun Jung reported a buffer overflow vulnerability in fibnhmatch: fibnhmatch+0xf98/0x1130, linux-6.0-rc7/net/ipv4/fibsemantics.c:961...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed another slab-out-of-bounds issue in fib6nhflushexceptions While running the self-tests on a KASAN-enabled kernel, I observed a slab-out-of-bounds issue that was very similar to the one reported in commit 821bbf79fe46...
CVE-2026-43374
Summary: CVE-2026-43374 affects the Linux kernel networking code (net: nexthop). The vuln arises when removing a nexthop from a group: remove_nh_grp_entry() publishes the new group via rcu_assign_pointer() and then immediately frees the removed entry’s percpu stats with free_percpu(), while the s...
CVE-2026-23300
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-005502)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005502 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in ip6makeskb As it was done in commit fc1092f51567 ipv4:...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed a memory leak in nhcpcpurthoutput within fibchecknhv6gw. The function fibchecknhv6gw expects that fib6nhinit will clean up everything when it fails. The commit 7dd73168e273 „ipv6: Always allocate pcpu memory in fib6nh...
ROS-20260121-73-0021
A vulnerability in the fibchecknhv6gw function of the Linux operating system kernel is related to a possible memory leak. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2022-35911
On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string. NOTE: the vendor's perspective is that "omitting the query string does not cause a denial of service and the indicated event can not be reproduced...
CVE-2025-14145
The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nhrow shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2025-14145 Niche Hero | Beautifully-designed blocks in seconds <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'spacing' Shortcode Attribute
The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nhrow shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possib...
PT-2026-1632
Name of the Vulnerable Software and Affected Versions The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress versions through 1.0.5 Description The plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989032)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989032 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fibinfo contains an nh reference Gwangun Jung...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987112)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987112 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fibinfo contains an nh reference Gwangun Jung...
CVE-2025-9200 Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection
The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nhynaacomments function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-9200 Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection
The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nhynaacomments function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2025-9200
CVE-2025-9200 affects the WordPress plugin “Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App”. The issue is an unauthenticated SQL Injection via nh_ynaa_comments() present in all versions up to 0.8.8.8, caused by insufficient escaping of user-supplied input and inadequa...
CVE-2023-53342 net: marvell: prestera: fix handling IPv4 routes with nhid
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix handling IPv4 routes with nhid Fix handling IPv4 routes referencing a nexthop via its id by replacing calls to fibinfonh with fibinfonhc. Trying to add an IPv4 route referencing a nextop via nhid: $ ip...