Lucene search
+L

792 matches found

nvd
nvd
added yesterday5 views

CVE-2026-62948

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefileswritestate6 and statefileswritestate4 without escaping, allowing newline injection of forged lease lin...

9.6CVSS
Exploits0References5
nessus
nessus
added 2 days ago4 views

EulerOS 2.0 SP10 : busybox (EulerOS-SA-2026-2682)

According to the versions of the busybox packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line...

8.8CVSS7.3AI score0.00375EPSS
Exploits1References3
nessus
nessus
added 2 days ago5 views

EulerOS 2.0 SP10 : busybox (EulerOS-SA-2026-2641)

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request- target path/query, allowing the request line ...

8.8CVSS7.3AI score0.00375EPSS
Exploits1References3
nessus
nessus
added 2026/07/03 12:0 a.m.7 views

openSUSE 16 Security Update : dnsmasq (openSUSE-SU-2026:21192-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:21192-1 advisory. This update for dnsmasq fixes the following issues Update to 2.93: - CVE-2026-12725: heap buffer overflow in logquery when logging unsupported...

7.5CVSS6.3AI score0.00754EPSS
Exploits1References7
osv
osv
added 2026/06/29 7:41 a.m.2 views

OPENSUSE-SU-2026:21192-1 Security update for dnsmasq

This update for dnsmasq fixes the following issues Update to 2.93: - CVE-2026-12725: heap buffer overflow in logquery when logging unsupported DS/DNSKEY replies bsc1268764. Changes for dnsmasq: CVE-2026-12725, bsc1268764: Heap buffer overflow in logquery when logging unsupported DS/DNSKEY replies...

7.5CVSS6.2AI score0.00754EPSS
Exploits1References4
nessus
nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-56113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon...

6.5CVSS6.1AI score0.00175EPSS
Exploits0References3
nessus
nessus
added 2026/06/29 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-56114

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows...

6.5CVSS6.2AI score0.00175EPSS
Exploits0References4
nessus
nessus
added 2026/06/26 12:0 a.m.6 views

SUSE SLES15: libopenvswitch-3_1-0 / libovn-23_03-0 / openvswitch / etc (SUSE-SU-2026:2475-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2475-1 advisory. This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498...

8.6CVSS5.9AI score0.00868EPSS
Exploits0References7
nessus
nessus
added 2026/06/26 12:0 a.m.7 views

SUSE SLES15: libopenvswitch-2_14-0 / libovn-20_06-0 / openvswitch / etc (SUSE-SU-2026:2481-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2481-1 advisory. This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498...

8.6CVSS5.9AI score0.00868EPSS
Exploits0References7
susecve
susecve
added 2026/06/25 2:19 a.m.7 views

SUSE CVE-2026-56115

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

8.8CVSS5.8AI score0.00307EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/06/24 1:56 a.m.12 views

CVE-2026-56114

A flaw was found in dhcpcd. An unauthenticated attacker on the same network link could exploit a one-byte stack out-of-bounds write vulnerability in the dhcp6makemessage function. By sending a specially crafted DHCPv6 ADVERTISE message with an oversized option, the attacker can write beyond a...

6.5CVSS5.7AI score0.00175EPSS
Exploits0References5
nvd
nvd
added 2026/06/23 5:17 p.m.12 views

CVE-2026-56115

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

8.8CVSS0.00307EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/06/23 4:8 p.m.5 views

CVE-2026-56115

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

8.8CVSS5.9AI score0.00307EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2026/06/23 4:8 p.m.4 views

CVE-2026-56115 Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

8.8CVSS5.9AI score0.00307EPSS
Exploits1References2
euvd
euvd
added 2026/06/23 4:8 p.m.8 views

EUVD-2026-38494

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...

6CVSS6.1AI score0.00307EPSS
Exploits1References2
cve
cve
added 2026/06/23 4:8 p.m.18 views

CVE-2026-56114

CVE-2026-56114 affects dhcpcd up to 10.3.2; the issue is a one-byte stack out-of-bounds write in dhcp6_makemessage() caused by serializing an oversized RFC6603 OPTION_PD_EXCLUDE body in a crafted DHCPv6 ADVERTISE with IA_PD IAPREFIX /0. The vulnerability can allow an unauthenticated same-link att...

6.5CVSS6.1AI score0.00175EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/23 4:8 p.m.3 views

CVE-2026-56114 dhcpcd Stack Out-of-Bounds Write in dhcp6_makemessage()

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...

6CVSS6.1AI score0.00175EPSS
Exploits0References5
cvelist
cvelist
added 2026/06/23 4:8 p.m.39 views

CVE-2026-56114 dhcpcd Stack Out-of-Bounds Write in dhcp6_makemessage()

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...

6CVSS0.00175EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/06/23 4:8 p.m.7 views

CVE-2026-56114

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...

6.5CVSS5.9AI score0.00175EPSS
Exploits0References2
cve
cve
added 2026/06/23 4:5 p.m.19 views

CVE-2026-56113

Summary of CVE-2026-56113 : The dhcpcd project (up to version 10.3.2) contains a heap use-after-free vulnerability in the DHCPv6 path. Specifically, in dhcp6_deprecateaddrs(), when processing a crafted DHCPv6 RENEW reply (using RFC6603 OPTION_PD_EXCLUDE) with both the preferred and valid lifetime...

6.5CVSS5.9AI score0.00175EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder