USN-8429-1 fastnetmon vulnerabilities

It was discovered that FastNetMon incorrectly validated prefix lengths when decoding BGP NLRI data. A remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 24.04 LTS and Ubuntu 26.04 LTS. CVE-2026-48686 It was...

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of validation for the upper limit of the addrnr parameter in ip6trt. This vulnerability may le...

PT-2025-45117

Name of the Vulnerable Software and Affected Versions kgateway versions 2.0.4 and below kgateway versions 2.1.0-agw-cel-rbac through 2.1.0-rc.2 Description kgateway, a Cloud-Native API and AI Gateway, is affected by a lack of authentication. This allows any client with network access to the xDS...

SUSE-SU-2025:03453-1 Security update for frr

This update for frr fixes the following issues: - CVE-2024-55553: excessive resource consumption may lead to denial of service due to repeated RIB revalidation when processing several RPKI updates bsc1235237...

[SECURITY] Fedora 41 Update: bird-3.1.4-1.fc41

BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border Gateway Protocol BGPv4, Routing Information Protocol RIPv2, RIPng, Open Shortest Path First protocol OSPFv2, OSPFv3, Babel Routing Protocol Babel, Bidirectional Forwarding Detection BFD, IPv6 router advertisements, static...

[SECURITY] Fedora 42 Update: bird-3.1.4-1.fc42

BIRD is a dynamic IP routing daemon supporting both, IPv4 and IPv6, Border Gateway Protocol BGPv4, Routing Information Protocol RIPv2, RIPng, Open Shortest Path First protocol OSPFv2, OSPFv3, Babel Routing Protocol Babel, Bidirectional Forwarding Detection BFD, IPv6 router advertisements, static...

SUSE SLES12 Security Update : frr (SUSE-SU-2025:03297-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:03297-1 advisory. - CVE-2024-55553: excessive resource consumption may lead to denial of service due to repeated RIB revalidation when processing several RPKI updates...

Security update for frr

This update for frr fixes the following issues: CVE-2024-55553: excessive resource consumption may lead to denial of service due to repeated RIB revalidation when processing several RPKI updates bsc1235237. Patch Instructions: To install this SUSE update use the SUSE recommended installation...

CVE-2025-57441

The Blackmagic ATEM Mini Pro 2.7 exposes sensitive device and stream configuration information via an unauthenticated Telnet service on port 9990. Upon connection, the attacker can access a protocol preamble that leaks the video mode, routing configuration, input/output labels, device model, and...

SUSE-SU-2025:03274-1 Security update for frr

This update for frr fixes the following issues: - CVE-2024-55553: excessive resource consumption may lead to denial of service due to repeated RIB revalidation when processing several RPKI updates bsc1235237...

The vulnerability of the setRIP() function in the mod_form.so script of Linksys routers such as RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 allows a hacker to execute arbitrary code or cause service failures.

The vulnerability of the setRIP function in the modform.so script of Linksys routers such as RE6250, RE6300, RE6350, RE6500, RE7000, and RE9000 lies in the fact that the output of the operation goes beyond the buffer in memory when processing parameters like RIPmode and RIPpasswd. Exploiting this...

CVE-2025-52986

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of...

The vulnerability of the RIB Revalidation component of the networking routing implementation software on Unix-like systems allows a perpetrator to cause service interruptions.

The vulnerability of the RIB Revalidation component of the networking routing implementation software on Unix-like systems is related to errors in resource release. Exploiting this vulnerability can allow a malicious actor to cause service failures...

UBUNTU-CVE-2024-56646

In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in modifyprefixroute syzbot found a NULL deref 1 in modifyprefixroute, caused by one fib6info without a fib6table pointer set. This can happen for net-ipv6.fib6nullentry 1 Oops: general protection...

Sybil Attacks

github.com/libp2p/go-libp2p-kad-dht is vulnerable to Sybil attacks. The vulnerability is due to the method of assigning routing information based on the DHT distance between peer IDs and content IDs, allows attackers to generate many Sybil peers with small DHT distances, enabling them to disrupt ...

Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse

The Kademlia DHT go-libp2p-kad-dht 0.20.0 and earlier used in IPFS 0.18.1 and earlier assigns routing information for content i.e., information about who holds the content to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content...

PT-2024-7779

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 21.2R3-S8 Junos OS versions 21.4 prior to 21.4R3-S7 Junos OS versions 22.1 prior to 22.1R3-S6 Junos OS versions 22.2 prior to 22.2R3-S4 Junos OS versions 22.3 prior to 22.3R3-S3 Junos OS versions 22.4 prior to...

SUSE CVE-2006-2224

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets...

Zigor Corporación ZGR TPS200 NG 信息泄露漏洞

The Zigor Corporación ZGR TPS200 NG is a rectifier for battery chargers from the Spanish company Zigor Corporación. Capable of managing sealed lead-acid or lithium batteries for industrial applications, remote control for substations and remote control of cellular phones, as well as applications...