64 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-56113
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon...
CVE-2026-56113
dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...
CVE-2026-56113
Summary of CVE-2026-56113 : The dhcpcd project (up to version 10.3.2) contains a heap use-after-free vulnerability in the DHCPv6 path. Specifically, in dhcp6_deprecateaddrs(), when processing a crafted DHCPv6 RENEW reply (using RFC6603 OPTION_PD_EXCLUDE) with both the preferred and valid lifetime...
CVE-2026-56113
dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...
CVE-2026-56113 dhcpcd Heap Use-After-Free in dhcp6_deprecateaddrs via DHCPv6 RENEW
dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...
PT-2026-51562
Name of the Vulnerable Software and Affected Versions dhcpcd versions prior to 10.3.3 Description A heap use-after-free issue exists where unauthenticated attackers on the same link can crash the daemon. This occurs when a crafted DHCPv6 RENEW reply is sent containing an RFC6603 OPTION PD EXCLUDE...
CVE-2026-44394
An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone federated token rescoping mechanism does not propagate the original token's expiry to the newly issued token. When a federated user rescopes a token via POST /v3/auth/tokens, the handlescopedtoken function in the mapped...
CVE-2026-46103
A flaw was found in the Linux kernel's can: ucan USB driver. This vulnerability arises from incorrect management of device resource lifetimes, where resources are tied to the parent USB device instead of the USB interface. This can lead to memory leaks when drivers are unbound without the...
openSUSE 16 Security Update : log4cxx (openSUSE-SU-2026:20705-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20705-1 advisory. Changes in log4cxx: - update to 1.7.0 bsc1261994, CVE-2026-40023: Non-ascii characters incorrectly encoded in JSON output 615 XML output could contain...
OPENSUSE-SU-2026:20705-1 Security update for log4cxx
This update for log4cxx fixes the following issues: Changes in log4cxx: - update to 1.7.0 bsc1261994, CVE-2026-40023: Non-ascii characters incorrectly encoded in JSON output 615 XML output could contain characters not allowed by the XML 1.0 specification An XML configuration file with recursive...
SUSE SLES12 Security Update : kernel (Live Patch 64 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:0518-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0518-1 advisory. This update for the SUSE Linux Enterprise kernel 4.12.14-122.244 fixes various security issues The following security issues were fixed: -...
SUSE-SU-2026:0515-1 Security update for the Linux Kernel (Live Patch 65 for SUSE Linux Enterprise 12 SP5)
This update for the SUSE Linux Enterprise kernel 4.12.14-122.247 fixes various security issues The following security issues were fixed: - CVE-2023-53321: wifi: mac80211hwsim: drop short frames bsc1250314. - CVE-2025-38352: posix-cpu-timers: fix race between handleposixcputimers and...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004956)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004956 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srptport from regular...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992479)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992479 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Fix a use-after-free Change the LIO port members inside struct srptport from regular...
USN-7891-1: rust-openssl vulnerabilities
Matt Mastracci discovered that rust-openssl was incorrectly handling server lifetimes in certain functions. An attacker could possibly use this issue to cause a denial of service or run arbitrary memory content to the client. CVE-2025-24898 It was discovered that rust-openssl was incorrectly...
USN-7891-1 rust-openssl vulnerabilities
Matt Mastracci discovered that rust-openssl was incorrectly handling server lifetimes in certain functions. An attacker could possibly use this issue to cause a denial of service or run arbitrary memory content to the client. CVE-2025-24898 It was discovered that rust-openssl was incorrectly...
EUVD-2025-35689
Keycloak does not invalidate sessions when "Remember Me" is disabled...
CVE-2025-11429 Keycloak-server: too long and not settings compliant session
A flaw was found in Keycloak. Keycloak does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active retain their extended session lifetime until they expire, overriding the administrator's recent security...
CVE-2025-59451
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...
EUVD-2025-32581
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...