Lucene search
K

64 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-56113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon...

6.5CVSS6AI score0.00175EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-56113

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

6.5CVSS0.00175EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 4:5 p.m.13 views

CVE-2026-56113

Summary of CVE-2026-56113 : The dhcpcd project (up to version 10.3.2) contains a heap use-after-free vulnerability in the DHCPv6 path. Specifically, in dhcp6_deprecateaddrs(), when processing a crafted DHCPv6 RENEW reply (using RFC6603 OPTION_PD_EXCLUDE) with both the preferred and valid lifetime...

6.5CVSS5.9AI score0.00175EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:5 p.m.5 views

CVE-2026-56113

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

6CVSS5.9AI score0.00175EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 4:5 p.m.33 views

CVE-2026-56113 dhcpcd Heap Use-After-Free in dhcp6_deprecateaddrs via DHCPv6 RENEW

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

6CVSS0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51562

Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.3 Description A heap use-after-free issue exists where unauthenticated attackers on the same link can crash the daemon. This occurs when a crafted DHCPv6 RENEW reply is sent containing an RFC6603 OPTION PD EXCLUDE...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 12:0 a.m.29 views

CVE-2026-44394

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...

6CVSS0.00249EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/27 4:59 p.m.12 views

CVE-2026-46103

A flaw was found in the Linux kernel's can: ucan USB driver. This vulnerability arises from incorrect management of device resource lifetimes, where resources are tied to the parent USB device instead of the USB interface. This can lead to memory leaks when drivers are unbound without the...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.7 views

openSUSE 16 Security Update : log4cxx (openSUSE-SU-2026:20705-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20705-1 advisory. Changes in log4cxx: - update to 1.7.0 bsc1261994, CVE-2026-40023: Non-ascii characters incorrectly encoded in JSON output 615 XML output could contain...

6.3CVSS5.8AI score0.00499EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 10:19 a.m.3 views

OPENSUSE-SU-2026:20705-1 Security update for log4cxx

This update for log4cxx fixes the following issues: Changes in log4cxx: - update to 1.7.0 bsc1261994, CVE-2026-40023: Non-ascii characters incorrectly encoded in JSON output 615 XML output could contain characters not allowed by the XML 1.0 specification An XML configuration file with recursive...

6.3CVSS5.8AI score0.00499EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/17 12:0 a.m.4 views

SUSE SLES12 Security Update : kernel (Live Patch 64 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:0518-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0518-1 advisory. This update for the SUSE Linux Enterprise kernel 4.12.14-122.244 fixes various security issues The following security issues were fixed: -...

7.4CVSS7.4AI score0.01345EPSS
Exploits8References11
OSV
OSV
added 2026/02/13 11:4 p.m.3 views

SUSE-SU-2026:0515-1 Security update for the Linux Kernel (Live Patch 65 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise kernel 4.12.14-122.247 fixes various security issues The following security issues were fixed: - CVE-2023-53321: wifi: mac80211hwsim: drop short frames bsc1250314. - CVE-2025-38352: posix-cpu-timers: fix race between handleposixcputimers and...

7.4CVSS6.6AI score0.01345EPSS
Exploits8References8
Tenable Nessus
Tenable Nessus
added 2026/01/26 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004956)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004956 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srptport from regular...

7.8CVSS6.5AI score0.00159EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992479)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992479 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srptport from regular...

7.8CVSS6AI score0.00159EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2025/11/26 12:56 p.m.4 views

USN-7891-1: rust-openssl vulnerabilities

Matt Mastracci discovered that rust-openssl was incorrectly handling server lifetimes in certain functions. An attacker could possibly use this issue to cause a denial of service or run arbitrary memory content to the client. CVE-2025-24898 It was discovered that rust-openssl was incorrectly...

9.1CVSS5.2AI score0.0065EPSS
Exploits1
OSV
OSV
added 2025/11/26 12:56 p.m.4 views

USN-7891-1 rust-openssl vulnerabilities

Matt Mastracci discovered that rust-openssl was incorrectly handling server lifetimes in certain functions. An attacker could possibly use this issue to cause a denial of service or run arbitrary memory content to the client. CVE-2025-24898 It was discovered that rust-openssl was incorrectly...

9.1CVSS5.9AI score0.0065EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/23 3:30 p.m.5 views

EUVD-2025-35689

Keycloak does not invalidate sessions when "Remember Me" is disabled...

5.4CVSS6.4AI score0.00214EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/10/23 2:9 p.m.3 views

CVE-2025-11429 Keycloak-server: too long and not settings compliant session

A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...

5.4CVSS6.1AI score0.00214EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/07 2:6 a.m.6 views

CVE-2025-59451

The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...

3.5CVSS6.9AI score0.00299EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/06 9:30 p.m.4 views

EUVD-2025-32581

The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...

3.5CVSS6.5AI score0.00299EPSS
Exploits0References4
Rows per page
Query Builder