Lucene search
K

67 matches found

Vulnrichment
Vulnrichment
added 2026/06/22 5:53 p.m.7 views

CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers

A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...

8.7CVSS5.9AI score0.00409EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

AlmaLinux 8 : dracut (ALSA-2026:26534)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26534 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

7.5CVSS6.4AI score0.01131EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

RockyLinux 9 : dracut (RLSA-2026:26533)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26533 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

7.5CVSS6.4AI score0.01131EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.5 views

RockyLinux 8 : dracut (RLSA-2026:26534)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26534 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

7.5CVSS6.4AI score0.01131EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

RockyLinux 10 : dracut (RLSA-2026:26532)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:26532 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

7.5CVSS6.4AI score0.01131EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

RHEL 8 : dracut (RHSA-2026:26534)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26534 advisory. The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual...

7.5CVSS6.4AI score0.01131EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.11 views

AlmaLinux 9 : dracut (ALSA-2026:26533)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:26533 advisory. dracut: dracut: Root code execution via DHCP options command injection CVE-2026-6893 Tenable has extracted the preceding description block directly from the...

7.5CVSS6.4AI score0.01131EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/06/19 6:4 a.m.6 views

dracut security update

An update is available for dracut. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The dracut packages contain an event-driven initial RAM file system initramfs...

7.5CVSS6.4AI score0.01131EPSS
Exploits0
Rockylinux
Rockylinux
added 2026/06/19 12:3 a.m.7 views

dracut security update

An update is available for dracut. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The dracut packages contain an event-driven initial RAM file system initramfs...

7.5CVSS5.9AI score0.01131EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/17 10:54 a.m.12 views

Important: Red Hat Security Advisory: dracut security update

An update for dracut is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS5.9AI score0.01131EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 9:57 a.m.8 views

Important: Red Hat Security Advisory: dracut security update

An update for dracut is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.5CVSS5.9AI score0.01131EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 9:53 a.m.11 views

Important: Red Hat Security Advisory: dracut security update

An update for dracut is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS5.9AI score0.01131EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.10 views

RHEL 9 : dracut (RHSA-2026:26533)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26533 advisory. The dracut packages contain an event-driven initial RAM file system initramfs generator infrastructure based on the udev device manager. The virtual...

7.5CVSS6AI score0.01131EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.6 views

SUSE SLED15 / SLES15 Security Update : wicked (SUSE-SU-2026:2349-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2349-1 advisory. This update for wicked fixes the following issue - CVE-2026-44932: indirect remote shell command injection via...

8.8CVSS5.5AI score0.00297EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.6 views

SUSE SLES12 Security Update : wicked (SUSE-SU-2026:2350-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:2350-1 advisory. - CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221. Tenable has extracted the preceding descriptio...

8.8CVSS5.4AI score0.00297EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/06/10 2:53 p.m.7 views

Security update for wicked

This update for wicked fixes the following issue CVE-2026-44932: indirect remote shell command injection via unsanitized DHCP options bsc1265221. Changes for wicked: Update to version 0.6.79 Fix to escape single-quotes in leaseinfo dump output used by the wicked test dhcp4 and wicked test dhcp6 a...

8.8CVSS5.5AI score0.00297EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/10 12:26 a.m.10 views

EUVD-2026-35915

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

6.5CVSS5.5AI score0.00246EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/30 6:56 a.m.5 views

CVE-2026-42511 Remote code execution via malicious DHCP options

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...

5.7AI score0.00431EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/30 6:56 a.m.41 views

CVE-2026-42511 Remote code execution via malicious DHCP options

The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the lease is passed to...

0.00431EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/04/29 12:0 a.m.15 views

FreeBSD -- Remote code execution via malicious DHCP options

Problem Description: The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by dhclient, e.g., after a system restart, an attacker-controlled field from the...

8.1CVSS5.6AI score0.00431EPSS
Exploits0
Rows per page
Query Builder