Lucene search
+L

13 matches found

SUSE CVE
SUSE CVE
added 2026/03/25 4:59 p.m.5 views

SUSE CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

7.5CVSS5.9AI score0.01361EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2026/03/25 8:46 a.m.13 views

CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

7.5CVSS7.5AI score0.01361EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/10/31 12:35 a.m.5 views

SUSE CVE-2025-11232

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty the default; and "ddns-qualifying-suffix" must NOT be empty the default is empty. DDNS...

7.5CVSS6.6AI score0.00387EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/10/29 6:2 p.m.9 views

CVE-2025-11232 Invalid characters cause assert

To trigger the issue, three configuration parameters must have specific settings: "hostname-char-set" must be left at the default setting, which is "^A-Za-z0-9.-"; "hostname-char-replacement" must be empty the default; and "ddns-qualifying-suffix" must NOT be empty the default is empty. DDNS...

7.5CVSS0.00387EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/28 9:41 p.m.5 views

CVE-2025-40779

A vulnerability was found in Kea. When an attacker who is an existing client with an assigned IP sends a crafted unicast packet directly to the server's IP and Kea cannot find any subnets that match that client's credentials, the server crashes causing a Denial of Service via assertion/NULL-path...

7.5CVSS6.3AI score0.00495EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/08/27 8:23 p.m.14 views

CVE-2025-40779 Kea crash upon interaction between specific client options and subnet selection

If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the kea-dhcp4 process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem...

7.5CVSS0.00495EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-32801

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points...

7.8CVSS7.2AI score0.00233EPSS
Exploits0References3
OSV
OSV
added 2025/05/28 5:15 p.m.2 views

DEBIAN-CVE-2025-32802

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions...

6.1CVSS5.5AI score0.00195EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/28 5:8 p.m.12 views

CVE-2025-32803 Insecure file permissions can result in confidential information leakage

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8...

4CVSS7AI score0.00212EPSS
Exploits0References1
CVE
CVE
added 2025/05/28 5:8 p.m.70 views

CVE-2025-32803

CVE-2025-32803 affects ISC Kea log/lease files that can be world-readable. Affected Kea versions: 2.4.0–2.4.1, 2.6.0–2.6.2, 2.7.0–2.7.8. The CVE is categorized with LOCAL attack vector, low confidentiality impact, and no exploitation details provided in the initial documents. Connected advisories...

4CVSS4.4AI score0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/28 5:8 p.m.20 views

CVE-2025-32803 Insecure file permissions can result in confidential information leakage

In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8...

4CVSS0.00212EPSS
Exploits0References1
CVE
CVE
added 2025/05/28 5:8 p.m.71 views

CVE-2025-32802

CVE-2025-32802 affects the Kea DHCP server. The issue arises from insecure handling of configuration and API directives, allowing an attacker to overwrite arbitrary files depending on the Kea process permissions. Affected versions include 2.4.0–2.4.1, 2.6.0–2.6.2, and 2.7.0–2.7.8. The vulnerabili...

6.1CVSS7.2AI score0.00195EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/28 5:3 p.m.14 views

CVE-2025-32801 Loading a malicious hook library can lead to local privilege escalation

Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through...

7.8CVSS6.9AI score0.00233EPSS
Exploits0References1
Rows per page
Query Builder