Lucene search
K

317 matches found

OSV
OSV
added 2026/07/06 8:10 p.m.4 views

OPENSUSE-SU-2026:21220-1 Security update for dhcpcd

This update for dhcpcd fixes the following issue Update to 10.3.2: - CVE-2025-70102: NULL pointer dereference in parseoption when processing a specially crafted configuration input bsc1268761. Changes for dhcpcd: options: Ensure ldop is not NULL dereferenced DHCP: Don't run double EXPIRE hooks on...

6.3CVSS6AI score0.00169EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/07/03 8:3 a.m.4 views

Dhcpcd: dhcpcd infinite loop and out-of-bounds read via zero-length ipv6 nd option in router advertisement handling

...

6.5CVSS5.9AI score0.00248EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.9 views

openSUSE 16 Security Update : dhcpcd (openSUSE-SU-2026:21220-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:21220-1 advisory. This update for dhcpcd fixes the following issue Update to 10.3.2: - CVE-2025-70102: NULL pointer dereference in parseoption when processing a specially...

6.3CVSS6.2AI score0.00169EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-14258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 11:16 a.m.4 views

DEBIAN-CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS5.7AI score0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 9:24 a.m.22 views

CVE-2026-14258

CVE-2026-14258 affects dhcpcd’s IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement with a zero-length ND option bypasses validation during packet storage and is reparsed with inadequate validation, causing the parser to enter a non-advancing loo...

6.5CVSS5.7AI score0.00248EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/07/01 9:24 a.m.5 views

CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS5.7AI score0.00248EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:24 a.m.8 views

CVE-2026-14258

A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length Neighbor Discovery option can bypass validation during packet storage and later be reparsed without adequate validation, causing the parser ...

6.5CVSS5.7AI score0.00248EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-56117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows loc...

5.7CVSS6.2AI score0.00093EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-56113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon...

6.5CVSS6.1AI score0.00175EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-56116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an...

7.1CVSS6.1AI score0.00187EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-56114

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 2f00c7b, contains a one-byte stack out-of-bounds write vulnerability in dhcp6makemessage in src/dhcp6.c that allows...

6.5CVSS6.2AI score0.00175EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:3 a.m.6 views

dhcpcd Memory Leak DoS via IPv6 Router Advertisement Handling

...

7.1CVSS5.8AI score0.00187EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.7 views

SUSE CVE-2026-56115

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

8.8CVSS5.8AI score0.00307EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/24 1:56 a.m.10 views

CVE-2026-56117

A flaw was found in dhcpcd. A heap use-after-free vulnerability in the control socket handling allows a local unprivileged attacker to trigger memory corruption. This occurs when privilege separation is disabled, enabling the attacker to send a privileged command to the control socket. Successful...

5.7CVSS5.8AI score0.00093EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/24 1:56 a.m.11 views

CVE-2026-56116

A flaw was found in dhcpcd. An unauthenticated attacker on the same network link can exploit a memory leak vulnerability in the IPv6 Router Advertisement route information handling. By repeatedly sending specially crafted Router Advertisements with a zero lifetime, the attacker can cause the syst...

7.1CVSS5.8AI score0.00187EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/24 1:56 a.m.11 views

CVE-2026-56114

A flaw was found in dhcpcd. An unauthenticated attacker on the same network link could exploit a one-byte stack out-of-bounds write vulnerability in the dhcp6makemessage function. By sending a specially crafted DHCPv6 ADVERTISE message with an oversized option, the attacker can write beyond a...

6.5CVSS5.7AI score0.00175EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/24 1:56 a.m.10 views

CVE-2026-56113

A flaw was found in dhcpcd. An unauthenticated attacker on the same network link can exploit this vulnerability by sending a specially crafted DHCPv6 RENEW reply. This can lead to a Denial of Service DoS, causing the dhcpcd daemon to crash due to a heap use-after-free vulnerability...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 5:17 p.m.12 views

CVE-2026-56115

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

8.8CVSS0.00307EPSS
Exploits1References2
NVD
NVD
added 2026/06/23 5:17 p.m.8 views

CVE-2026-56113

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

6.5CVSS0.00175EPSS
Exploits0References2
Rows per page
Query Builder