Lucene search
K

768 matches found

NVD
NVD
added 2026/06/16 5:16 p.m.14 views

CVE-2026-44932

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...

8.8CVSS0.00297EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/16 3:26 p.m.31 views

CVE-2026-44932 indirect remote shell command injection via unsanitized DHCP options in wicked

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...

8.8CVSS0.00297EPSS
Exploits0References6
CVE
CVE
added 2026/06/16 3:26 p.m.49 views

CVE-2026-44932

Wicked (openSUSE/SUSE Linux) is affected by CVE-2026-44932 through an indirect remote shell command injection via unsanitized DHCP options. The root cause is unsanitized DHCP strings being handled by the wicked DHCP client, with leaseinfo dump output and certain option processing allowing code ex...

8.8CVSS5.5AI score0.00297EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.30 views

CVE-2025-70102

A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parseoption src/if-options.c:1886, the code performs a member access on a NULL pointer of type 'struct dhcpopt' when an unexpected/invalid option token or parsing state caus...

0.00169EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49283

Name of the Vulnerable Software and Affected Versions dhcpcd version 10.3.0 Description A NULL pointer dereference occurs during the parsing of configuration options. In the parse option function, the software performs a member access on a NULL pointer of type struct dhcp opt when an invalid opti...

6.3CVSS5.9AI score0.00169EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

SUSE SLES15 Security Update : wicked (SUSE-SU-2026:2353-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2353-1 advisory. - CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221. Tenable has extracted the preceding...

8.8CVSS5.3AI score0.00297EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.16 views

CVE-2026-45160

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

6.5CVSS5.5AI score0.00246EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.7 views

Ubuntu 24.04 LTS / 25.10 : Kea DHCP vulnerability (USN-8403-1)

The remote Ubuntu 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8403-1 advisory. Ali Norouzi discovered that Kea DHCP did not properly handle maliciously crafted messages over configured API sockets and HA listeners. A remote attacker...

7.5CVSS5.9AI score0.01361EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:2 p.m.9 views

CVE-2026-45608

Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally...

6.8CVSS5.4AI score0.00338EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 8:17 p.m.18 views

CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5CVSS0.01131EPSS
Exploits0References7
OSV
OSV
added 2026/06/10 8:17 p.m.9 views

DEBIAN-CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5CVSS6AI score0.01131EPSS
Exploits0References1
OSV
OSV
added 2026/06/10 8:17 p.m.5 views

UBUNTU-CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5CVSS6.4AI score0.01131EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 7:49 p.m.11 views

CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5CVSS6.1AI score0.01131EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 7:49 p.m.39 views

CVE-2026-6893 Dracut: dracut: root code execution via dhcp options command injection

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5CVSS0.01131EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/10 7:49 p.m.11 views

CVE-2026-6893 Dracut: dracut: root code execution via dhcp options command injection

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5CVSS6AI score0.01131EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/10 7:49 p.m.12 views

EUVD-2026-36110

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

8.8CVSS6AI score0.01131EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 7:49 p.m.109 views

CVE-2026-6893

CVE-2026-6893 affects the dracut project, specifically the legacy DHCP path. A remote attacker on an adjacent network can trigger root code execution in the initramfs by sending specially crafted DHCP options (for example, a malicious hostname). The options are improperly handled and written into...

7.5CVSS6AI score0.01131EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/10 7:49 p.m.12 views

CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5CVSS6AI score0.01131EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/06/10 2:56 p.m.7 views

Security update for wicked

This update for wicked fixes the following issues: CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

8.8CVSS5.5AI score0.00297EPSS
Exploits0References6
OSV
OSV
added 2026/06/10 2:55 p.m.6 views

SUSE-SU-2026:2354-1 Security update for wicked

This update for wicked fixes the following issues: - CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221...

8.8CVSS5.5AI score0.00297EPSS
Exploits0References3
Rows per page
Query Builder