Lucene search
K

684 matches found

OSV
OSV
added 2026/06/29 9:20 a.m.2 views

SUSE-SU-2026:22431-1 Security update for dracut

This update for dracut fixes the following issue - CVE-2026-6893: Root code execution via DHCP options command injection bsc1268322. Changes for dracut: - Update to version 059+suse.609.g1a2492e: fixnetwork-legacy: sanitize DHCP values in dhclient-script.sh bsc1268322, CVE-2026-6893...

7.5CVSS6.4AI score0.01131EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 9:39 p.m.2 views

SUSE-SU-2026:22273-1 Security update for dracut

This update for dracut fixes the following issue - CVE-2026-6893: Root code execution via DHCP options command injection bsc1268322. Changes for dracut: - Update to version 059+suse.722.gdd9d67ff5: fixnetwork-legacy: sanitize DHCP values in dhclient-script.sh bsc1268322, CVE-2026-6893...

7.5CVSS6.2AI score0.01131EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 9:39 p.m.2 views

SUSE-SU-2026:22358-1 Security update for dracut

This update for dracut fixes the following issue - CVE-2026-6893: Root code execution via DHCP options command injection bsc1268322. Changes for dracut: - Update to version 059+suse.722.gdd9d67ff5: fixnetwork-legacy: sanitize DHCP values in dhclient-script.sh bsc1268322, CVE-2026-6893...

7.5CVSS6.2AI score0.01131EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 4:8 p.m.33 views

CVE-2026-56115 Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

8.8CVSS0.00307EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51563

Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description A one-byte stack out-of-bounds write exists in the dhcp6 makemessage function within src/dhcp6.c. Unauthenticated attackers on the same link can trigger this by serializing an oversized RFC6603 OPTIO...

6.5CVSS5.9AI score0.00175EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.16 views

PT-2026-51562

Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.3 Description A heap use-after-free issue exists where unauthenticated attackers on the same link can crash the daemon. This occurs when a crafted DHCPv6 RENEW reply is sent containing an RFC6603 OPTION PD EXCLUDE...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References4
OSV
OSV
added 2026/06/22 10:55 a.m.9 views

SUSE-SU-2026:2481-1 Security update for openvswitch

This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499...

8.6CVSS5.8AI score0.00868EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 8:24 a.m.2 views

SUSE-SU-2026:2476-1 Security update for openvswitch3

This update for openvswitch3 fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499...

8.6CVSS5.8AI score0.00868EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 8:23 a.m.4 views

SUSE-SU-2026:2475-1 Security update for openvswitch

This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499...

8.6CVSS5.8AI score0.00868EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51371

Name of the Vulnerable Software and Affected Versions TP-Link routers affected versions not specified Description Insufficient validation of externally supplied DHCP option data in the DHCP option processing logic allows an adjacent, unauthenticated attacker to execute arbitrary commands with...

8.7CVSS6.2AI score0.00409EPSS
Exploits1References13
Rockylinux
Rockylinux
added 2026/06/19 12:0 a.m.9 views

dracut security update

An update is available for dracut. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The dracut packages contain an event-driven initial RAM file system initramfs...

7.5CVSS5.9AI score0.01131EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/17 10:54 a.m.7 views

dracut: dracut: Root code execution via DHCP options command injection

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5CVSS6AI score0.01131EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/17 9:57 a.m.6 views

dracut: dracut: Root code execution via DHCP options command injection

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5CVSS6AI score0.01131EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/17 9:53 a.m.8 views

dracut: dracut: Root code execution via DHCP options command injection

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

7.5CVSS6AI score0.01131EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/17 2:23 a.m.14 views

SUSE CVE-2026-6893

A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...

8.8CVSS6AI score0.01131EPSS
Exploits0References12
NVD
NVD
added 2026/06/16 5:16 p.m.14 views

CVE-2026-44932

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...

8.8CVSS0.00297EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/16 3:26 p.m.31 views

CVE-2026-44932 indirect remote shell command injection via unsanitized DHCP options in wicked

Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...

8.8CVSS0.00297EPSS
Exploits0References6
CVE
CVE
added 2026/06/16 3:26 p.m.48 views

CVE-2026-44932

Wicked (openSUSE/SUSE Linux) is affected by CVE-2026-44932 through an indirect remote shell command injection via unsanitized DHCP options. The root cause is unsanitized DHCP strings being handled by the wicked DHCP client, with leaseinfo dump output and certain option processing allowing code ex...

8.8CVSS5.5AI score0.00297EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.19 views

PT-2026-49283

Name of the Vulnerable Software and Affected Versions dhcpcd version 10.3.0 Description A NULL pointer dereference occurs during the parsing of configuration options. In the parse option function, the software performs a member access on a NULL pointer of type struct dhcp opt when an invalid opti...

6.3CVSS5.9AI score0.00169EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.7 views

SUSE SLES15 Security Update : wicked (SUSE-SU-2026:2353-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2353-1 advisory. - CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221. Tenable has extracted the preceding...

8.8CVSS5.3AI score0.00297EPSS
Exploits0References4
Rows per page
Query Builder