Lucene search
+L

294 matches found

Vulnrichment
Vulnrichment
added 2026/07/01 2:8 p.m.8 views

CVE-2026-5138 Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References4
CVE
CVE
added 2026/07/01 2:8 p.m.26 views

CVE-2026-5138

Foreman vulnerability CVE-2026-5138 involves the taxonomy_scope controller failing to validate organization and location IDs in nested request parameters. An authenticated user with host-edit permissions can trigger cross-tenant information disclosure, leaking sensitive infrastructure metadata (s...

4.3CVSS5.8AI score0.00231EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/29 10:9 p.m.7 views

CVE-2026-7656 Broken IPv6 Neighbor Discovery input validation allows spoofed RA/NS/NA acceptance in Zephyr net stack

The IPv6 Neighbor Discovery handlers in subsys/net/ip/ipv6nbr.c handlerainput, handlensinput, handlenainput used an incorrect boolean expression that combined the RFC 4861 validity checks with the ICMPv6 code check using the wrong operator precedence: the form was 'length/hop/source/target checks...

8.1CVSS6.2AI score0.00205EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.11 views

SUSE SLES15 Security Update : busybox (SUSE-SU-2026:2053-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2053-1 advisory. This update for busybox fixes the following issue - CVE-2026-29004: Heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVE...

8.8CVSS6AI score0.00375EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/05/25 2:2 p.m.13 views

Security update for busybox

This update for busybox fixes the following issue CVE-2026-29004: Heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c bsc1263989. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

8.1CVSS5.9AI score0.00375EPSS
Exploits0References4
OSV
OSV
added 2026/05/25 2:2 p.m.6 views

SUSE-SU-2026:2054-1 Security update for busybox

This update for busybox fixes the following issue - CVE-2026-29004: Heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c bsc1263989...

8.8CVSS6AI score0.00375EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/05/25 2:1 p.m.13 views

Security update for busybox

This update for busybox fixes the following issue CVE-2026-29004: Heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c bsc1263989. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like...

8.1CVSS6AI score0.00375EPSS
Exploits0References4
OSV
OSV
added 2026/05/25 2:1 p.m.6 views

SUSE-SU-2026:2053-1 Security update for busybox

This update for busybox fixes the following issue - CVE-2026-29004: Heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c bsc1263989...

8.8CVSS6AI score0.00375EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 9:0 p.m.9 views

MAL-2026-4664 Malicious code in search-connector-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24aea8e5a7338c49dc96e3945ed4d695024c2e169f560e6f3426005ca4666ea4 package.json declares preinstall: node index.js, which fires automatically on npm install. index.js collects host identity hostname, username, homedi...

5.9AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in edk2

EDK2’s Network Package is vulnerable to a buffer overflow vulnerability when processing the DNS Server option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity, and/or...

8.8CVSS7.6AI score0.01196EPSS
Exploits1References2
OSV
OSV
added 2026/05/15 2:3 p.m.8 views

OESA-2026-2357 busybox security update

The Swiss Army Knife of Embedded Linux Security Fixes: BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a...

8.8CVSS6.5AI score0.00375EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 6:16 p.m.5 views

DEBIAN-CVE-2026-29004

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6OPTDNSSERVER...

7.2CVSS6.5AI score0.00375EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 6:16 p.m.6 views

CVE-2026-29004

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6OPTDNSSERVER...

8.8CVSS0.00375EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/04 6:5 p.m.12 views

CVE-2026-29004 BusyBox DHCPv6 Client Heap Buffer Overflow via DNS_SERVERS

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6OPTDNSSERVER...

8.1CVSS6.5AI score0.00375EPSS
Exploits0References5
CVE
CVE
added 2026/05/04 6:5 p.m.28 views

CVE-2026-29004

BusyBox prior to commit 42202bf contains a heap buffer overflow in the DHCPv6 client (udhcpc6) DNS_SERVERS option handler (networking/udhcp/d6_dhcpc.c). Attackers on the network-adjacent path can trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6_OPT_DNS_SERVERS op...

8.8CVSS6.5AI score0.00375EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:5 p.m.4 views

CVE-2026-29004

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6OPTDNSSERVER...

8.1CVSS6.5AI score0.00375EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/04 6:5 p.m.39 views

CVE-2026-29004 BusyBox DHCPv6 Client Heap Buffer Overflow via DNS_SERVERS

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6OPTDNSSERVER...

8.1CVSS0.00375EPSS
Exploits0References5
OSV
OSV
added 2026/05/04 6:5 p.m.4 views

CVE-2026-29004 BusyBox DHCPv6 Client Heap Buffer Overflow via DNS_SERVERS

BusyBox before commit 42202bf contains a heap buffer overflow vulnerability in the DHCPv6 client udhcpc6 DNSSERVERS option handler in networking/udhcp/d6dhcpc.c that allows network-adjacent attackers to trigger memory corruption by sending a crafted DHCPv6 response with a malformed D6OPTDNSSERVER...

7.2CVSS6.8AI score0.00375EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.9 views

PT-2026-36890

Name of the Vulnerable Software and Affected Versions BusyBox versions prior to commit 42202bf Description A heap buffer overflow exists in the DHCPv6 client udhcpc6 DNS SERVERS option handler within the networking/udhcp/d6 dhcpc.c file. Network-adjacent attackers can trigger memory corruption by...

8.1CVSS6.5AI score0.00375EPSS
Exploits0References23
CVE
CVE
added 2026/02/16 5:4 p.m.25 views

CVE-2019-25380

Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script. The vulnerability enables attackers to inject JavaScript via posted parameters (e.g., BOOT_SERVER, BOOT_FILE, BOOT_ROOT, START_ADDR, END_ADDR, DNS1, DNS2, NTP1,...

6.1CVSS5.6AI score0.00225EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder