Lucene search
K

82 matches found

Vulnrichment
Vulnrichment
added 2026/06/23 4:8 p.m.4 views

CVE-2026-56115 Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

8.8CVSS5.9AI score0.00307EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/23 4:8 p.m.35 views

CVE-2026-56115 Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

8.8CVSS0.00307EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 4:8 p.m.28 views

CVE-2026-56115

CVE-2026-56115 is associated with a one-byte stack out-of-bounds write in dhcpcd up to 10.3.2, due to a malformed DHCPv6 OPTION_PD_EXCLUDE in dhcp6_makemessage() that an unauthenticated same-link attacker can trigger via DHCPv6 ADVERTISE with IA_PD /0. An attacker can corrupt adjacent stack memor...

8.8CVSS5.9AI score0.00307EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/23 4:8 p.m.6 views

EUVD-2026-38492

dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows unauthenticated same-link attackers to write beyond a fixed local buffer by serializing an oversized RFC6603 OPTIONPDEXCLUDE option body...

6CVSS6.1AI score0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51564

Name of the Vulnerable Software and Affected Versions Bootimus versions 0.1.0 through 0.1.70 dhcpcd versions 1.0 through 10.3.2 Description Bootimus contains a broken access control issue where the JWTMiddleware function in internal/auth/auth.go fails to inspect the is admin flag. This allows...

8.8CVSS5.8AI score0.00307EPSS
Exploits1References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in edk2

EDK2’s Network Package is vulnerable to a buffer overflow vulnerability when processing the DNS Server option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity, and/or...

8.8CVSS7.6AI score0.01186EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 9 : edk2-20230524-4.el9_3.2.ML.1 (AXSA:2024-7573:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7573:04 advisory. edk2: Buffer overflow in the DHCPv6 client via a long Server ID option CVE-2023-45230 edk2: Buffer overflow when processing DNS Servers option in a...

8.8CVSS7.5AI score0.01213EPSS
Exploits1References3
OSV
OSV
added 2025/11/21 9:17 a.m.8 views

CLSA-2025-1763716672 edk2: Fix of 7 CVEs

CVE-2023-45229: fix IPv6 malformed option handling to prevent parsing loop - CVE-2023-45230: fix DHCPv6 ServerID length validation to prevent buffer overflow - CVE-2023-45231: fix IPv6 Redirect bounds checks to avoid out-of-bounds access - CVE-2023-45232: fix IPv6 destination option parsing to...

8.8CVSS6AI score0.02084EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-34217

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00637EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-49535

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.00937EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-49540

Malicious code in bioql PyPI...

8.8CVSS7.2AI score0.01186EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/11/22 12:0 a.m.4 views

PT-2024-35453 · Riot · Riot

Name of the Vulnerable Software and Affected Versions: RIOT versions 2024.04 and prior Description: The issue is related to the parse advertise function, located in /sys/net/application layer/dhcpv6/client.c, which lacks a minimum header length check for dhcpv6 opt t after processing dhcpv6 msg t...

7.5CVSS6.9AI score0.00728EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/10/24 11:54 a.m.8 views

edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message

A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...

8.8CVSS6AI score0.01213EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/09/23 11:12 a.m.5 views

edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message

A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...

8.8CVSS6AI score0.01213EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/09/19 11:31 a.m.6 views

edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message

A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...

8.8CVSS6AI score0.01213EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/07/09 10:2 a.m.7 views

edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message

A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...

8.8CVSS6AI score0.01213EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/05/30 1:2 p.m.3 views

edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message

A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...

8.8CVSS6.4AI score0.01186EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/04/30 9:52 a.m.3 views

edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message

A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...

8.8CVSS6AI score0.01213EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2024/04/09 2:50 p.m.6 views

edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message

A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...

8.8CVSS6.4AI score0.01186EPSS
Exploits1References6
OSV
OSV
added 2024/03/22 11:7 a.m.3 views

OESA-2024-1319 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...

8.8CVSS7.3AI score0.02084EPSS
Exploits1References6
Rows per page
Query Builder