684 matches found
SUSE-SU-2026:22431-1 Security update for dracut
This update for dracut fixes the following issue - CVE-2026-6893: Root code execution via DHCP options command injection bsc1268322. Changes for dracut: - Update to version 059+suse.609.g1a2492e: fixnetwork-legacy: sanitize DHCP values in dhclient-script.sh bsc1268322, CVE-2026-6893...
SUSE-SU-2026:22273-1 Security update for dracut
This update for dracut fixes the following issue - CVE-2026-6893: Root code execution via DHCP options command injection bsc1268322. Changes for dracut: - Update to version 059+suse.722.gdd9d67ff5: fixnetwork-legacy: sanitize DHCP values in dhclient-script.sh bsc1268322, CVE-2026-6893...
SUSE-SU-2026:22358-1 Security update for dracut
This update for dracut fixes the following issue - CVE-2026-6893: Root code execution via DHCP options command injection bsc1268322. Changes for dracut: - Update to version 059+suse.722.gdd9d67ff5: fixnetwork-legacy: sanitize DHCP values in dhclient-script.sh bsc1268322, CVE-2026-6893...
CVE-2026-56115 Bootimus 0.1.70 Broken Access Control via JWTMiddleware Authorization Bypass
Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...
PT-2026-51563
Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.2 Description A one-byte stack out-of-bounds write exists in the dhcp6 makemessage function within src/dhcp6.c. Unauthenticated attackers on the same link can trigger this by serializing an oversized RFC6603 OPTIO...
PT-2026-51562
Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.3 Description A heap use-after-free issue exists where unauthenticated attackers on the same link can crash the daemon. This occurs when a crafted DHCPv6 RENEW reply is sent containing an RFC6603 OPTION PD EXCLUDE...
SUSE-SU-2026:2481-1 Security update for openvswitch
This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499...
SUSE-SU-2026:2476-1 Security update for openvswitch3
This update for openvswitch3 fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499...
SUSE-SU-2026:2475-1 Security update for openvswitch
This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499...
PT-2026-51371
Name of the Vulnerable Software and Affected Versions TP-Link routers affected versions not specified Description Insufficient validation of externally supplied DHCP option data in the DHCP option processing logic allows an adjacent, unauthenticated attacker to execute arbitrary commands with...
dracut security update
An update is available for dracut. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The dracut packages contain an event-driven initial RAM file system initramfs...
dracut: dracut: Root code execution via DHCP options command injection
A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...
dracut: dracut: Root code execution via DHCP options command injection
A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...
dracut: dracut: Root code execution via DHCP options command injection
A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...
SUSE CVE-2026-6893
A flaw was found in dracut. A remote attacker on the adjacent network can exploit this vulnerability by providing specially crafted DHCP Dynamic Host Configuration Protocol options, such as a malicious hostname, to a system using dracut's legacy DHCP path. These options are improperly handled and...
CVE-2026-44932
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...
CVE-2026-44932 indirect remote shell command injection via unsanitized DHCP options in wicked
Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine...
CVE-2026-44932
Wicked (openSUSE/SUSE Linux) is affected by CVE-2026-44932 through an indirect remote shell command injection via unsanitized DHCP options. The root cause is unsanitized DHCP strings being handled by the wicked DHCP client, with leaseinfo dump output and certain option processing allowing code ex...
PT-2026-49283
Name of the Vulnerable Software and Affected Versions dhcpcd version 10.3.0 Description A NULL pointer dereference occurs during the parsing of configuration options. In the parse option function, the software performs a member access on a NULL pointer of type struct dhcp opt when an invalid opti...
SUSE SLES15 Security Update : wicked (SUSE-SU-2026:2353-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2353-1 advisory. - CVE-2026-44932: Fixed indirect remote shell command injection via unsanitized DHCP options bsc1265221. Tenable has extracted the preceding...