25 matches found
CVE-2026-11834 Unauthenticated Command Injection via DHCP Option Handling in Multiple TP-Link Routers
A command injection vulnerability has been identified in the DHCP option processing logic in multiple TP-Link router models, due to insufficient validation of externally supplied DHCP option data. An adjacent attacker may exploit this vulnerability by supplying crafted DHCP responses, potentially...
CVE-2026-11834
CVE-2026-11834 describes a command-injection vulnerability in the DHCP option processing logic of multiple TP-Link routers, caused by insufficient validation of externally supplied DHCP option data. An adjacent attacker can exploit this by sending crafted DHCP responses, potentially during device...
CVE-2026-44290
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...
CVE-2026-44290
protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...
Linux Distros Unpatched Vulnerability : CVE-2026-43452
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xtables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kind, walkers that advance with i +...
UBUNTU-CVE-2026-35343
The cut utility in uutils coreutils incorrectly handles the -s only-delimited option when a newline character is specified as the delimiter. The implementation fails to verify the onlydelimited flag in the cutfieldsnewlinechardelim function, causing the utility to print non-delimited lines that...
CLSA-2026-1774017921 Fix CVE(s): CVE-2026-25749
SECURITY UPDATE: Heap buffer overflow in helpfile option handling - debian/patches/CVE-2026-25749.patch: use vimstrncpy with MAXPATHL bound instead of unbounded STRCPY in gettagfname - CVE-2026-25749...
CVE-2023-26143
Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the...
Out-of-bounds read vulnerability in Cente middleware
Overview Some products in Cente middleware TCP/IP Network Series developed by DMG MORI Digital Co., LTD. and provided by NXTech Co., Ltd. treat TCP MSS option values improperly, leading to an out-of-bounds read vulnerability CWE-125, CVE-2025-23406. DMG MORI Digital Co., LTD. reported this...
SUSE CVE-2025-21683
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpfskselectreuseport memory leak As pointed out in the original comment, lookup in sockmap can return a TCP ESTABLISHED socket. Such TCP socket may have had SOATTACHREUSEPORTEBPF set before it was ESTABLISHED. In other...
kernel: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in j1939skmatchfilter during setsockoptSOJ1939FILTER Lock jsk-sk to prevent UAF when setsockopt..., SOJ1939FILTER, ... modifies jsk-filters while receiving packets. Following trace was seen on affected system:...
CVE-2024-39520
An Improper Neutralization of Special Elements vulnerability in Juniper Networks Junos OS Evolved commands allows a local, authenticated attacker with low privileges to escalate their privileges to 'root' leading to a full compromise of the system. The Junos OS Evolved CLI doesn't properly handle...
EDK2 Buffer Error Vulnerability
EDK2 is a cross-platform firmware development environment from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 that stems from the Network Package's susceptibility to a buffer overflow vulnerability when handling the DNS server option in...
USN-5964-2 curl vulnerabilities
USN-5964-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing,...
CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
Arbitrary Memory Read
The Linux kernel is vulnerable to arbitrary memory read. A flaw in the IPv6 socket option handling allows a local user to read arbitrary kernel memory...
EulerOS 2.0 SP2 : NetworkManager (EulerOS-SA-2019-1119)
According to the version of the NetworkManager packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling CVE-2018-15688 Note that Tenable Network Security has extracte...
RHEL 7 : systemd (RHSA-2019:0049)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0049 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides...
Apple macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1373 SOFLOWDIVERTTOKEN is a socket option on the SOLSOCKET layer. It's implemented by flowdiverttokensetstruct socket so, struct sockopt sopt in flowdivert.c. The relevant code is: error = sooptgetmsopt, &token; if error goto don...
Apple macOSiOS Kernel - Memory Disclosure Due to Lack of Bounds Checking in netagent Socket Option Handling
Apple macOSiOS Kernel - Memory Disclosure Due to Lack of Bounds Checking in netagent Socket Option Handling / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1140 netagentctlsetopt is the setsockopt handler for netagent control sockets. Options of type NETAGENTOPTIONTYPEREGISTER...