5249 matches found

Cvelist
added 2026/05/01 2:15 p.m. | 24 views

CVE-2026-43036 net: use skb_header_pointer() for TCPv4 GSO frag_off check

In the Linux kernel, the following vulnerability has been resolved: net: use skb_header_pointer() for TCPv4 GSO frag_off check. Syzbot reported a KMSAN uninit-value warning in gso_features_check() called from netif_skb_features() [1]. gso_features_check() reads iph->frag_off to decide whether to clear mangleid_features...

0.00015 EPSS
Exploits: 0 | References: 4

Debian CVE
added 2026/05/01 12:0 a.m. | 1 views

CVE-2026-37457

An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component...

7.5 CVSS | 5.8 AI score | 0.00057 EPSS
Exploits: 0

ATTACKERKB
added 2026/05/01 12:0 a.m. | 0 views

CVE-2026-37457

An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component...

7.5 CVSS | 5.8 AI score | 0.00057 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/05/01 12:0 a.m. | 3 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the PM counter being incorrectly checked for cache values during multiple writes to the sysfs...

5.5 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/05/01 12:0 a.m. | 24 views

CVE-2026-37457

An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component...

0.00057 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/05/01 12:0 a.m. | 5 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the unused skb_header_pointer function in the TCPv4 GSO frag_off check, which results in a direct dereference o...

5.5 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/01 12:0 a.m. | 1 views

PT-2026-36526

Name of the Vulnerable Software and Affected Versions: FRRouting version stable/10.0. Description: An off-by-one out-of-bounds write issue exists in the bgp_flowspec_op_decode function located in bgpd/bgp_flowspec_util.c. This flaw allows attackers to trigger a Denial of Service (DoS) by providing a...

7.5 CVSS | 5.8 AI score | 0.00057 EPSS
Exploits: 0 | References: 16

OSV
added 2026/04/29 10:22 p.m. | 0 views

GHSA-84G5-X8J3-7235 Netfoil has incorrect allowlist enforcement

Summary: Rules could be bypassed by changing the first character: example.com could be bypassed by e.g. fxample.com. Details: Off-by-one error in the suffixtrie implementation. Impact: The domain filter could be bypassed. Please note that DNS filtering alone is not enough to block malicious traff...

6.9 CVSS | 5.8 AI score
Exploits: 0 | References: 4

Snyk
added 2026/04/29 10:22 p.m. | 3 views

Off-by-one Error

Overview: Affected versions of this package are vulnerable to Off-by-one Error in the suffixtrie process. An attacker can bypass domain filtering by altering the first character of a domain name, allowing unauthorized access to restricted domains. Remediation: Upgrade...

6.9 CVSS | 5.8 AI score
Exploits: 0 | References: 3

Snyk
added 2026/04/29 12:0 a.m. | 6 views

Off-by-one Error

Overview: Affected versions of this package are vulnerable to Off-by-one Error through improper bounds checking in the PKCS12 bag handling process. An attacker can cause memory corruption by appending to a PKCS12 bag that already contains 32 elements, potentially resulting in denial of service or...

6.9 CVSS | 5.8 AI score | 0.00249 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/04/29 12:0 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-015455)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-015455 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-0 and 6.9.13-26 have a heap buffer overflow in...

9.8 CVSS | 5.4 AI score | 0.00173 EPSS
Exploits: 1 | References: 4

CNNVD
added 2026/04/28 12:0 a.m. | 4 views

TOTOLINK A8000RU command injection vulnerability

TOTOLINK A8000RU is a wireless router produced by TOTOLINK, a Chinese company. The TOTOLINK A8000RU 7.1cu.643b20200521 version contains a command injection vulnerability. This vulnerability stems from the setWiFiBasicCfg function in the CGI Handler component’s /cgi-bin/cstecgi.cgi file, which...

10 CVSS | 7.3 AI score | 0.01221 EPSS
Exploits: 0 | References: 2

Oracle linux
added 2026/04/27 12:0 a.m. | 5 views

go-toolset:ol8 security update

delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 Sync from CentOS Stream 9 - Related: RHEL-121223 golang 1.25.9-1 - Update to Go 1.25.9 fips-2 - Resolves: RHEL-169932 1.25.7-2 - Update to Go 1.25.8 fips-1 - Resolves: RHEL-156551...

9.8 CVSS | 5.4 AI score | 0.00022 EPSS
Exploits: 0

NVD
added 2026/04/24 8:16 p.m. | 2 views

CVE-2026-41502

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service decoder allows unauthenticated remote attackers to read one byte past an allocated buffer boundary by...

8.7 CVSS | 0.00366 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/24 7:40 p.m. | 1 views

CVE-2026-41502 BACnet Stack: Off-by-One Out-of-Bounds Read in ReadPropertyMultiple Object ID Decoder

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service decoder allows unauthenticated remote attackers to read one byte past an allocated buffer boundary by...

8.7 CVSS | 5.7 AI score | 0.00366 EPSS
Exploits: 1 | References: 1

Cvelist
added 2026/04/24 7:40 p.m. | 27 views

CVE-2026-41502 BACnet Stack: Off-by-One Out-of-Bounds Read in ReadPropertyMultiple Object ID Decoder

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an off-by-one out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service decoder allows unauthenticated remote attackers to read one byte past an allocated buffer boundary by...

8.7 CVSS | 0.00366 EPSS
Exploits: 1 | References: 1

CVE
added 2026/04/24 7:40 p.m. | 9 views

CVE-2026-41502

CVE-2026-41502 affects the BACnet Stack C library. The issue is an off-by-one out-of-bounds read in the rpm_decode_object_id() routine used by the ReadPropertyMultiple service decoder. It checks apdu_len

8.7 CVSS | 5.7 AI score | 0.00366 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Github Security Blog
added 2026/04/24 3:41 p.m. | 7 views

Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field

Executive Summary: A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a single HTTP POST to /mutate?commitNow=true containing a...

9.1 CVSS | 5.6 AI score | 0.00073 EPSS
Exploits: 1 | References: 4 | Affected Software: 3

NVD
added 2026/04/24 3:16 p.m. | 0 views

CVE-2026-31614

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in check_wsl_eas(). The bounds check uses (u8 *)ea + nlen + 1 + vlen as the end of the EA name and value, but ea_data sits at offset sizeof(struct smb2_file_full_ea_info) = 8 from ea, not at offset 0. The...

7.1 CVSS | 0.00015 EPSS
Exploits: 0 | References: 6

CVE
added 2026/04/24 2:42 p.m. | 7 views

CVE-2026-31614

CVE-2026-31614 is a kernel SMB client vulnerability (Linux kernel). The issue is an out-of-bounds read in check_wsl_eas() that can leak up to 8 bytes of kernel heap via the EA name/value handling, potentially affecting how WSL ext attributes are interpreted. Patches have been released/mer...

7.1 CVSS | 5.4 AI score | 0.00015 EPSS
Exploits: 0 | References: 6 | Affected Software: 1