
24 matches found

Debian CVE
added 2 days ago, 3 views

CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP (Dynamic Host Configuration Protocol) options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

CVSS 8.8, AI score 6, EPSS 0.00156
Exploits 0
OSV
added 2 days ago, 2 views

SUSE-SU-2026:2354-1 Security update for wicked

This update for wicked fixes the following issues: - CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221...

AI score 5.5
Exploits 0, References 3
CVE
added 2026/05/25 12:0 a.m., 13 views

CVE-2026-9408

Totolink A8000RU Web Management ( CGI: /cgi-bin/cstecgi.cgi ) is affected by CVE-2026-9408. The vulnerability centers on the setStaticDhcpRules function where manipulating the enable argument leads to OS command injection. Impact is described as remote exploitation with high severity (scores in C...

CVSS 10, AI score 7, EPSS 0.01254
Exploits 0, References 5
CNNVD
added 2026/05/11 12:0 a.m., 5 views

Barebox Buffer Error Vulnerability

Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox prior to 2026.04.0 contained a buffer error vulnerability. This vulnerability stemmed from the dhcpmessagetype function in DHCP option parsing, which did not verify whether the option pointers wer...

CVSS 7.1, AI score 6, EPSS 0.00013
Exploits 0, References 1
EUVD
added 2026/05/08 3:31 p.m., 7 views

EUVD-2026-28727

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix netdevice lifecycle with devicemove The network device outlived its parent gadget device during disconnection, resulting in dangling sysfs links and null pointer dereference problems. A prior attempt to sol...

AI score 5.8, EPSS 0.00015
Exploits 0, References 5
Cisco
added 2026/03/25 4:0 p.m., 12 views

Cisco IOS XE Software for Catalyst 9000 Series Switches DHCP Snooping Denial of Service Vulnerability

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause BOOTP packets to be forwarded between VLANs, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of BOOTP packets on Cisco...

CVSS 8.6, AI score 5.8, EPSS 0.00159
Exploits 0, References 1
OSV
added 2026/02/25 9:46 a.m., 2 views

SUSE-SU-2026:0630-1 Security update 5.1.2 for Multi-Linux Manager Client Tools

This update fixes the following issues: dracut-saltboot: - Update to version 1.1.0 Retry DHCP requests up to 3 times bsc1253004 golang-github-QubitProducts-exporterexporter: - Non-customer-facing optimization around source building golang-github-boynux-squidexporter: - Update to version 1.13.0...

CVSS 8.6, AI score 5.7, EPSS 0.00071
Exploits 1, References 26
OpenVAS
added 2026/02/24 12:0 a.m., 4 views

Ubuntu: Security Advisory (USN-8056-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.1, AI score 5.4, EPSS 0.00096
Exploits 0, References 2
Cvelist
added 2026/02/19 12:2 p.m., 23 views

CVE-2019-25411 Comodo Dome Firewall 2.7.0 Cross-Site Scripting via DHCP

Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAYGREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript...

CVSS 6.1, EPSS 0.00022
Exploits 1, References 4
Positive Technologies
added 2026/02/05 12:0 a.m., 4 views

PT-2026-6571

Name of the Vulnerable Software and Affected Versions Dnsmasq-utils version 2.79-1 Description The software contains a buffer overflow in the dhcp release utility. An attacker can cause a denial of service by providing input exceeding 16 characters, leading to a core dump and process termination...

CVSS 6.9, AI score 6, EPSS 0.00009
Exploits 0, References 12
Tenable Nessus
added 2026/01/16 12:0 a.m., 3 views

MiracleLinux 7 : dnsmasq-2.76-2.el7.2 (AXSA:2017-2341:02)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2017-2341:02 advisory. A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq...

CVSS 9.8, AI score 8, EPSS 0.93379
Exploits 32, References 7
NVD
added 2026/01/09 5:15 p.m., 4 views

CVE-2025-69542

A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command without proper sanitization. When a DHCP...

CVSS 9.8, EPSS 0.02403
Exploits 1, References 1
CVE
added 2025/12/04 12:0 a.m., 14 views

CVE-2025-54304

Affected product. Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When powered on, an X11 display server is started and listens on all network interfaces via port 6000. The default X11 access control list permits connections from 127.0.0.1 and 192.168.2.15. If the device boots and then c...

CVSS 9.8, AI score 7.2, EPSS 0.00095
Exploits 0, References 3, Affected Software 1
EUVD
added 2025/10/20 5:49 p.m., 3 views

EUVD-2025-35094

In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the server reply. With a crafted packet, an attacker could cause an out of memory read...

CVSS 6.3, AI score 6.3, EPSS 0.00045
Exploits 0, References 1
OSV
added 2025/10/17 5:15 a.m., 5 views

CVE-2025-55093

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4packetreceive when handling unicast DHCP messages that could cause corruption of 4 bytes of memory...

CVSS 5.3, AI score 7
Exploits 0, References 1
NVD
added 2025/10/17 5:15 a.m., 3 views

CVE-2025-55093

In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in nxipv4packetreceive when handling unicast DHCP messages that could cause corruption of 4 bytes of memory...

CVSS 6.9, EPSS 0.00042
Exploits 0, References 1
Snyk
added 2025/06/26 9:11 p.m., 1 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the improper enforcement of resource limits in the nftables rules generation process for managed bridge networks. An attacker can exhaust the DHCP pool and disrupt network...

CVSS 4.8, AI score 7, EPSS 0.00114
Exploits 0, References 2
OSV
added 2024/11/15 12:15 p.m., 2 views

CVE-2024-11237

A vulnerability, which was classified as critical, has been found in TP-Link VN020 F3vT TTV6.2.1021. Affected by this issue is some unknown functionality of the component DHCP DISCOVER Packet Parser. The manipulation of the argument hostname leads to stack-based buffer overflow. The attack may be...

CVSS 9.8, AI score 6.2, EPSS 0.04128
Exploits 3, References 6
OSV
added 2024/05/03 3:15 a.m., 2 views

CVE-2023-40480

NETGEAR RAX30 DHCP Server Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exist...

CVSS 8.8, AI score 6.2
Exploits 0, References 2
CNNVD
added 2021/01/13 12:0 a.m., 2 views

Juniper Networks Junos OS Product Buffer Error Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A buffer error vulnerability exists in Junos OS EX and Junos OS QFX, which can be exploited by an attacker t...

CVSS 7.4, AI score 7.2, EPSS 0.00107
Exploits 1, References 4