CVE-2026-56116
A flaw was found in dhcpcd. An unauthenticated attacker on the same network link can exploit a memory leak vulnerability in the IPv6 Router Advertisement route information handling. By repeatedly sending specially crafted Router Advertisements with a zero lifetime, the attacker can cause the syst...
CVE-2026-54323 Daytona: Git credential leak via git clone with TLS verification disabled
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...
CVE-2026-56117
dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...
EUVD-2026-38496
dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...
CVE-2026-56116 dhcpcd Memory Leak DoS via IPv6 Router Advertisement Handling
dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to cause denial of service by sending crafted Router Advertisements. Attackers can repeatedly send...
EUVD-2026-38491
dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTION_PD_EXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...
PT-2026-51565
Name of the Vulnerable Software and Affected Versions: dhcpcd versions prior to 10.3.2. Description: An issue in the IPv6 Router Advertisement route information handling allows an unauthenticated attacker on the same link to cause a denial of service. By repeatedly sending crafted Router...
Oracle Solaris Critical Patch Update : jun2026_SRU11_4_93_221_2
The version of Solaris installed on the remote host is prior to 11.4.93.221.2. It is, therefore, affected by multiple vulnerabilities as referenced in the solaris11jun2026SRU114932212 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Remote Administration Daemon...
kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state
A flaw was found in the Linux kernel's libceph OSD client. When a connection fault occurs during a sparse read, the sparse-read state is not properly reset. This allows a misbehaving or compromised Ceph OSD server, or a network adversary, to disrupt traffic. As a result, the client can misinterpr...
[SECURITY] [DLA 4639-1] libhttp-daemon-perl security update
Debian LTS Advisory DLA-4639-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón June 21, 2026 https://wiki.debian.org/LTS Package : libhttp-daemon-perl Version : 6.12-1+deb11u2 6.16-1+deb13u1deb12u1 CVE ID : CVE-2026-8450 Debian Bug : 1138050 A flaw was...
[SECURITY] [DSA 6358-1] libhttp-daemon-perl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6358-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 21, 2026 https://www.debian.org/security/faq -...
Debian dsa-6358 : libhttp-daemon-perl - security update
The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6358 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6358-1 [email protected] https://www.debian.org/security/...
SUSE-SU-2026:22187-1 Security update for perl-HTTP-Daemon
This update for perl-HTTP-Daemon fixes the following issue - CVE-2026-8450: HTTP::Daemon versions before 6.17 for Perl allow OS command injection via sendfile bsc1266370...
Fedora 44 : perl-HTTP-Daemon (2026-8982379b5c)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8982379b5c advisory. Changes: 6.17 2026-05-19 23:11:06Z - Fix CVE-2026-8450 affects 6.15 and earlier: 2-arg open in sendfile enabled RCE / arbitrary file write / response-body...
SUSE SLED15 / SLES15 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2442-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2442-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description...
Fedora 43 : perl-HTTP-Daemon (2026-f276b2154e)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-f276b2154e advisory. Changes: 6.17 2026-05-19 23:11:06Z - Fix CVE-2026-8450 affects 6.15 and earlier: 2-arg open in sendfile enabled RCE / arbitrary file write / response-body...
SUSE SLES12 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:2408-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2408-1 advisory. - CVE-2026-8450: Fixed OS command injection via sendfile bsc1266370. Tenable has extracted the preceding description block directly from the SUSE...
CVE-2026-48715
radvd is a router advertisement daemon for IPv6. Prior to version 2.21, the radvdump utility shipped with radvd contains a stack buffer overflow in the Route Information option parser. When processing a crafted ICMPv6 Router Advertisement, print_ff copies up to 2032 bytes from attacker-controlled...
Astra Linux – Vulnerability in libvirt
A use-after-free flaw was discovered in libvirt. The qemuMonitorUnregister function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting...
Astra Linux – Vulnerability in Linux 5.15
An issue was discovered in the Linux kernel before version 6.3.8. The file fs/smb/server/smb2pdu.c in ksmbd contains an integer underflow and an out-of-bounds read in the deassemble_neg_contexts function...