CVE-2026-56115

CVE-2026-56115 is associated with a one-byte stack out-of-bounds write in dhcpcd up to 10.3.2, due to a malformed DHCPv6 OPTION_PD_EXCLUDE in dhcp6_makemessage() that an unauthenticated same-link attacker can trigger via DHCPv6 ADVERTISE with IA_PD /0. An attacker can corrupt adjacent stack memor...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nfsd: When trying to queue dlrecall, if the call to nfsd4runcb fails, the reference count of dlstid is not decremented. This leads to a leak of the following objects: unreferenced object 0xffff88812067b578 size 344: Comm “nfsd”,...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nfsd: fixed a use-after-free issue due to delegation race conditions. A delegation break can occur as soon as we call vfssetlease. A delegation break triggers a callback that immediately adds the delegation to delrecalllru in...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: NFSD: Actions must be defined for the new timedeleg FATTR4 attributes. NFSv4 clients will not send legitimate GETATTR requests for these new attributes, as they are intended to be used only with CBGETATTR and SETATTR. However,...

EUVD-2026-36554

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

CVE-2026-54361 MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

CVE-2026-54361 MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records

MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained server-controlled, including record identifiers and ownership-relat...

CVE-2026-41235

CVE-2026-41235 affects Froxlor 2.3.6 where system.available_shells is used to present allowed shells but not enforced by server-side Ftps::add/ Ftps::update. An authenticated customer with shell delegation can submit an arbitrary shell (e.g., /bin/bash); with nssextrausers integration this shell ...

Incorrect Authorization

Overview froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Incorrect Authorization via the Ftps::add and Ftps::update functions. An attacker can gain unauthorized shell access and escalate privileges by submitting an arbitrary shell value...

Linux Distros Unpatched Vulnerability : CVE-2026-43000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the memb...

GHSA-QP9X-WP8F-QGJJ tuf has platform-dependent delegation path matching

DelegatedRole.istargetinpathpattern uses fnmatch.fnmatch to decide whether a given target path is authorized by a delegation's glob pattern. Python's fnmatch.fnmatch calls os.path.normcase on both arguments before matching. On POSIX hosts normcase is the identity function; on Windows hosts os.pat...

SUSE-SU-2026:21913-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

PT-2026-47224

DelegatedRole. is target in pathpattern uses fnmatch.fnmatch to decide whether a given target path is authorized by a delegation's glob pattern. Python's fnmatch.fnmatch calls os.path.normcase on both arguments before matching. On POSIX hosts normcase is the identity function; on Windows hosts...

CVE-2026-43000

An issue was discovered in OpenStack Keystone before 29.0.2. When combined with an application credential impersonation vulnerability, an attacker with the member role on a project can escalate to admin by chaining unrestricted application credentials with Keystone trusts. The impersonated token...

PT-2026-44465

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions prior to 29.0.2 Description A privilege escalation issue exists where an attacker with a member role on a project can escalate their privileges to admin. This is achieved by chaining unrestricted application...

PT-2026-42828

Name of the Vulnerable Software and Affected Versions PCManFM-Qt versions 1.1.0 and later Description An issue exists where PCManFM-Qt delegates to a different program based on file type without user confirmation when a regular file path is passed as a URI in the...

CVE-2026-42960

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the authority section can be used to trick Unbound to cache such records. If an adversary is able to attach such...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: srcu: Delegating tasks to the booting CPU when using SRCUSIZESMALL. The commit 994f706872e6 “srcu: Making the Tree SRCU capable of operating without the snpnode array” assumes that CPU 0 is always online. However, there are...

Astra Linux - уязвимость в unbound

A vulnerability called “Non-Responsive Delegation Attack” NRDelegation Attack has been discovered in various DNS resolution software. The NRDelegation Attack operates by creating a malicious delegation with a significant number of non-responsive name servers. The attack begins by querying a...

Astra Linux - уязвимость в heimdal

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11, and 4.11.x before 4.11.3 have a issue where the S4U MS-SFU Kerberos delegation model includes a feature that allows a subset of clients to be opt-out from constrained delegation in either S4U2Self or regular Kerberos authentication...