Pavel-odintsov Fastnetmon
14 CVEs affecting Pavel-odintsov Fastnetmon. Latest disclosed: 2026-05-26. Critical: 4, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-48689 | Critical | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hp… |
CVE-2026-48691 | Critical | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce… |
CVE-2026-48687 | Critical | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/… |
CVE-2026-48686 | Critical | 9.8 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The functio… |
CVE-2026-48695 | High | 8.1 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The _log() function in src… |
CVE-2026-48694 | High | 8.1 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains a configuration injection vulnerability in the Juniper router integration plugin. In src/juniper_plugin/fas… |
CVE-2026-48692 | High | 8.1 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::Insec… |
CVE-2026-48688 | High | 7.5 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder. The function decode_mp_reach_… |
CVE-2026-48697 | High | 7.4 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 does not verify TLS certificates on outbound HTTPS connections. The execute_web_request_secure() function in src/fas… |
CVE-2026-48690 | High | 7.1 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packet_storage.hpp, the a… |
CVE-2026-48685 | Medium | 6.5 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set… |
CVE-2026-48684 | Medium | 6.5 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (… |
CVE-2026-48696 | Medium | 6.2 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689. |
CVE-2026-48693 | Medium | 5.5 | 2026-05-26 | FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/t… |