Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the updateAddressInfo and createAddress methods. A user with consume or send permssions can modify the routing-type of an address - e.g. from ANYCAST to MULTICAST. Remediation Upgrade...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the updateAddressInfo and createAddress methods. A user with consume or send permssions can modify the routing-type of an address - e.g. from ANYCAST to MULTICAST. Remediation Upgrade...

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

CVE-2026-48688

A flaw was found in FastNetMon Community Edition. Multiple out-of-bounds read vulnerabilities exist within the BGP MPREACHNLRI IPv6 attribute decoder. A remote attacker could exploit these flaws by sending specially crafted BGP messages, which could lead to information disclosure or a denial of...

EUVD-2026-32894

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

CVE-2026-40914 Apache Artemis Stomp Protocol, Apache ActiveMQ Artemis Stomp Protocol: Address routing-type can be updated by STOMP protocol user without the createAddress permission

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

CVE-2026-40914 Apache Artemis Stomp Protocol, Apache ActiveMQ Artemis Stomp Protocol: Address routing-type can be updated by STOMP protocol user without the createAddress permission

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

CVE-2026-40914

CVE-2026-40914 describes a vulnerability in Apache Artemis (and Apache ActiveMQ Artemis) where a STOMP-authenticated user with either consume or send permission on an address can augment the address routing-type without having createAddress permission for that address. This allows sending or cons...

CVE-2026-46238

A flaw was found in the batman-adv module of the Linux kernel. The BAT IV protocol was caching unowned originator pointers, which could become invalid after purge handling. This could lead to the use of stale data, potentially causing unexpected system behavior or information corruption within th...

CVE-2026-29004

A flaw was found in BusyBox. A heap buffer overflow vulnerability exists in the Dynamic Host Configuration Protocol version 6 DHCPv6 client, specifically within the optiontoenv function. Network-adjacent attackers can exploit this by sending a crafted DHCPv6 response containing a malformed...

CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

UBUNTU-CVE-2026-46172

In the Linux kernel, the following vulnerability has been resolved: ipv6: xfrm6: release dst on error in xfrm6rcvencap xfrm6rcvencap performs an IPv6 route lookup when the skb does not already have a dst attached. ip6routeinputlookup returns a referenced dst entry even when the lookup resolves to...

EUVD-2026-32854

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

CVE-2026-46227

CVE-2026-46227 describes a race in the Linux kernel SCTP SENDALL path. The sctp_sendmsg() loop over ep->asocs caches the next entry in @tmp, then calls sctp_sendmsg_to_asoc() after dropping the socket lock, allowing a second thread to peel off the cached association and migrate it to a new end...

CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

CVE-2026-46227

In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL The SCTPSENDALL path in sctpsendmsg iterates ep-asocs with listforeachentrysafe, which caches the next entry in @tmp before the loop body runs. The body calls...

CVE-2026-46219 spi: mpc52xx: fix use-after-free on unbind

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free...

CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...