767 matches found
Security update for wicked
This update for wicked fixes the following issues: CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
isc-dhcp-server-root-rce-exploit
isc-...
CVE-2026-45160
ESF-IDF’s ESP-IDF lwIP DHCP server option parser (parse_options in dhcpserver.c) has an out-of-bounds read in the BOOTP/DHCP options parsing. In affected releases 5.2.7, 5.3.5, 5.4.4, 5.5.4 and 6.0.1, a crafted DHCP request can cause reads past the end of the options buffer into adjacent heap mem...
PT-2026-48679
Name of the Vulnerable Software and Affected Versions wicked versions prior to 0.6.79 Description An indirect remote shell command injection exists due to unsanitized DHCP options. The issue involves improper processing of posix-tz-dbname and tz-string options, as well as a failure to escape...
PT-2026-48349
ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parse options in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The...
dracut project dracut 命令注入漏洞
Dracut is an event-driven initramfs generation tool developed by Dracutdevs. Dracut has a vulnerability related to operating system command injection. This vulnerability arises when remote attackers provide custom DHCP options, which are improperly processed and written into temporary shell...
PT-2026-48526
Name of the Vulnerable Software and Affected Versions dracut affected versions not specified Description A flaw in the legacy DHCP path allows a remote attacker on the adjacent network to achieve root code execution within the initramfs initial RAM file system, which is loaded with the kernel at...
Vulnerabilities in Microsoft Windows
Microsoft has fixed a large number of vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to various categories of damage, as described in the tables below. Among these vulnerabilities are about six very serious ones, which Microsoft ha...
CVE-2026-45608
Out-of-bounds read in Windows DHCP Client allows an unauthorized attacker to disclose information locally...
CVE-2026-44815
CVE-2026-44815 is a stack-based buffer overflow in the Windows DHCP Client that enables remote code execution over the network. Affected component: Windows DHCP Client; root cause is a stack-based overflow. Consequences are remote code execution with high impact, as indicated by the CVSS vector (...
CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
...
CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
...
CVE-2026-45602
Technical details (affected product versions, root cause, exploit specifics, and remediation) are not publicly available in the provided documents. Monitor for updates from NVD and CVE List for CVE-2026-45602.
Windows DHCP Client Information Disclosure Vulnerability
Out-of-bounds read in Windows DHCP Client allows an unauthorized attacker to disclose information locally...
Windows DHCP Client Information Disclosure Vulnerability
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally...
PT-2026-47931
Name of the Vulnerable Software and Affected Versions Windows DHCP Client affected versions not specified Description A stack-based buffer overflow exists in the Windows DHCP Client, allowing an unauthorized remote attacker to execute arbitrary code over a network and affect the system. The issue...
CVE-2026-7424
Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service permanent IP task freeze requiring hardware reset ...
CVE-2026-45158
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell script, allowing remote code execution as root on the underlying operating system. This vulnerability i...
CVE-2026-10805
A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description MUD URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...
SUSE-SU-2026:2204-1 Security update for busybox
This update for busybox fixes the following issue - CVE-2026-29004: a crafted DHCPv6 response can lead to a heap buffer overflow in the DHCPv6 client bsc1263989...