82 matches found
CVE-2026-56115 Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass
Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...
CVE-2026-56115 Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass
Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...
CVE-2026-56115
CVE-2026-56115 is associated with a one-byte stack out-of-bounds write in dhcpcd up to 10.3.2, due to a malformed DHCPv6 OPTION_PD_EXCLUDE in dhcp6_makemessage() that an unauthenticated same-link attacker can trigger via DHCPv6 ADVERTISE with IA_PD /0. An attacker can corrupt adjacent stack memor...
EUVD-2026-38492
dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...
PT-2026-51564
Name of the Vulnerable Software and Affected Versions Bootimus versions 0.1.0 through 0.1.70 dhcpcd versions 1.0 through 10.3.2 Description Bootimus contains a broken access control issue where the JWTMiddleware function in internal/auth/auth.go fails to inspect the is admin flag. This allows...
Astra Linux – Vulnerability in edk2
EDK2’s Network Package is vulnerable to a buffer overflow vulnerability when processing the DNS Server option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity, and/or...
MiracleLinux 9 : edk2-20230524-4.el9_3.2.ML.1 (AXSA:2024-7573:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7573:04 advisory. edk2: Buffer overflow in the DHCPv6 client via a long Server ID option CVE-2023-45230 edk2: Buffer overflow when processing DNS Servers option in a...
CLSA-2025-1763716672 edk2: Fix of 7 CVEs
CVE-2023-45229: fix IPv6 malformed option handling to prevent parsing loop - CVE-2023-45230: fix DHCPv6 ServerID length validation to prevent buffer overflow - CVE-2023-45231: fix IPv6 Redirect bounds checks to avoid out-of-bounds access - CVE-2023-45232: fix IPv6 destination option parsing to...
EUVD-2022-34217
Malicious code in bioql PyPI...
EUVD-2023-49535
Malicious code in bioql PyPI...
EUVD-2023-49540
Malicious code in bioql PyPI...
PT-2024-35453 · Riot · Riot
Name of the Vulnerable Software and Affected Versions: RIOT versions 2024.04 and prior Description: The issue is related to the parse advertise function, located in /sys/net/application layer/dhcpv6/client.c, which lacks a minimum header length check for dhcpv6 opt t after processing dhcpv6 msg t...
edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...
edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...
edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...
edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...
edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...
edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...
edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...
OESA-2024-1319 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...