USN-8063-2 protobuf vulnerability

USN-8063-1 fixed a vulnerability in Protocol Buffers. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict...

CVE-2026-47066

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

UBUNTU-CVE-2026-48685

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

CVE-2026-48685

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

SUSE CVE-2026-7736

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...

EUVD-2026-31841

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

CVE-2026-48685

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

CVE-2026-48685

CVE-2026-48685 affects FastNetMon Community Edition up to 1.2.9. The issue is an out-of-bounds memory access caused by incorrect handling of BGP path attributes when the extended length flag is set. In parse_raw_bgp_attribute(), extended_length_bit triggers a 2-byte length field, but the code rea...

Important: golang

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

CVE-2026-48685

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

Important: runfinch-finch

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

CVE-2026-41682

A flaw was found in pupnp, an SDK for developing Universal Plug and Play UPnP applications. This vulnerability, known as Server-Side Request Forgery SSRF, arises from port truncation in the parseuri function. A remote attacker can exploit this flaw to confuse port assignments, potentially enablin...

CLSA-2026-1779533209 NetworkManager: Fix of CVE-2024-6501

CVE-2024-6501: NULL pointer dereference of n-lldprx in nmlldpneighborparse when DEBUG logging is enabled, leading to denial-of-service on malformed LLDP packets...

Prototype Pollution

parseFormData is vulnerable to Prototype Pollution. The vulnerability is due to improper filtering of reserved property keys in bracket and dot-notation FormData field parsing, which allows an attacker to modify Object.prototype and pollute the prototype chain of application objects...

GHSA-38M6-82C8-4XFM Parse Server: Pre-authentication denial of service via client version header regex backtracking

Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...

Parse Server: Pre-authentication denial of service via client version header regex backtracking

Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains adversarial input that triggers polynomial backtracking in a request-header parser. The parsing runs before session authentication and before...

PT-2026-42860

Name of the Vulnerable Software and Affected Versions Parse Server affected versions not specified Description An unauthenticated attacker with knowledge of a public Parse Application ID can cause a denial of service by submitting a single HTTP request to any '/parse/' endpoint. The attack involv...

CVE-2026-41071

CVE-2026-41071 affects libheif up to version 1.21.2. A crafted HEIF sequence file where the saiz box declares more samples than actually exist can trigger a heap‑buffer‑overflow (out‑of‑bounds read) in the SampleAuxInfoReader constructor when parsing via heif_context_read_from_file. The reader it...

OSV-2026-796 UNKNOWN READ in processXDR

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=515065185 Crash type: UNKNOWN READ Crash state: processXDR nmeaparse genericparseinput...

Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory

Impact A maliciously crafted .onetoc2 table-of-contents file can cause Parser::parsenotebook to open arbitrary files on the host filesystem outside the notebook's directory. The parser reads entry names listed inside the .onetoc2 and joins them against the notebook's base directory without...