kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in Chase-Reply Messages

A flaw was found in Unbound's DNSSEC validator when constructing chase-reply messages for validation. The code uses the wrong counter to calculate write offsets for ADDITIONAL section resource record sets. When a DNAME chain is combined with authority filtering, an uninitialized array slot is...

CVE-2026-46244

The CVE-2026-46244 issue affects the Linux kernel netfilter nft_inner path. In nft_inner_parse_l2l3(), while handling inner IPv6 packets, ipv6_find_hdr() computes the transport header offset correctly across extension headers, but the code later overwrites this value with nhoff + sizeof(_ip6h) (4...

PT-2026-46007

Name of the Vulnerable Software and Affected Versions Linux kernel versions 6.2 and later Description A desynchronization issue exists in the nft inner parse l2l3 function when processing inner IPv6 packets. While the ipv6 find hdr function correctly calculates the transport header offset by...

CVE-2026-10047

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With...

EUVD-2026-33944

The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index into the 1MB RealModeMemory buffer without bounds validation. With...

curl: TFTP upload ignores --continue-at / CURLOPT_RESUME_FROM and leaks skipped local file prefix

Summary TFTP uploads ignore the configured resume offset. When a caller runs curl -C N -T file tftp://... or uses libcurl with CURLOPTUPLOAD and CURLOPTRESUMEFROM, curl should skip the first N bytes of the local source before uploading. Instead, the TFTP code sends the complete local file from by...

CVE-2018-25432

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

CVE-2018-25432

Arm Whois 3.11 is affected by a local buffer overflow that allows code execution via exception handler hijacking. An input file crafted with a 672-byte offset can overwrite nSEH and SEH pointers, enabling arbitrary code execution when the structured exception handler is triggered. CVSS data prese...

PT-2026-45623

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

Linux Distros Unpatched Vulnerability : CVE-2026-46195

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: validate dacloffset before building DACL pointers parsesecdesc, buildsecdesc, and the chown path in idmodetocifsacl all add the server-supplied...

CVE-2026-46195

A flaw was found in the Linux kernel's Server Message Block SMB client. A malicious server can exploit this vulnerability on 32-bit systems by providing a crafted dacloffset value. This can cause a pointer wrap, leading to the dereferencing of invalid Discretionary Access Control List DACL fields...

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

CVE-2026-46195

In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parsesecdesc, buildsecdesc, and the chown path in idmodetocifsacl all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returne...

EUVD-2026-32820

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

CVE-2026-46193

CONCRETE DETAILS FOUND: CVE-2026-46193 concerns the Linux kernel’s IPsec AH/xfrm path with ESN enabled. The issue arises when the async ahash setup appends a 4-byte ESN seqhi slot before the ICV/auth_data, but the async completion callbacks reconstruct the layout as if seqhi were absent, causing ...

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

SUSE CVE-2026-45967

In the Linux kernel, the following vulnerability has been resolved: bpf: Return proper address for non-zero offsets in insn array The mapdirectvalueaddr function of the instruction array map incorrectly adds offset to the resulting address. This is a bug, because later the resolvepseudoldimm64...

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...