Security Vulnerabilities
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges.
The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.
CVSS Score
8.4
EPSS Score
0.002
Published
2026-05-21
In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected.
In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-05-21
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by the shell. As a result, a suitably crafted network name can be used to execute commands via a subshell.
The problem can be exploited to execute code as root on the system running bsdinstall or bsdconfig. The attacker would need to create an access point with a specially crafted name and be within range of a Wi-Fi scan. Note that bsdinstall and bsdconfig are vulnerable as soon as the user prompts them to scan for nearby networks; they do not need to actually select the malicious network.
CVSS Score
7.5
EPSS Score
0.003
Published
2026-05-21
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
CVSS Score
7.8
EPSS Score
0.002
Published
2026-05-21
libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become available. However, it does not verify that its socket descriptor fits within select(2)'s descriptor set size limit of FD_SETSIZE (1024).
An attacker able to cause an application using libcasper(3) to allocate large file descriptors, e.g., by opening many descriptors and executing a program which is not careful to close them upon startup, may trigger stack corruption. If the target application runs with setuid root privileges, this could be used to escalate local privileges.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-05-21
Incorrect Behaviour of Views with TCP PROXY Requests
CVSS Score
4.8
EPSS Score
0.001
Published
2026-05-21
Insufficient Validation of Names During AXFR
CVSS Score
6.8
EPSS Score
0.002
Published
2026-05-21
Insufficient Validation of Autoprimary SOA Queries
CVSS Score
7.5
EPSS Score
0.004
Published
2026-05-21
Concurrency and locking defects in GSS-TSIG
CVSS Score
5.9
EPSS Score
0.003
Published
2026-05-21
Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
CVSS Score
4.9
EPSS Score
0.004
Published
2026-05-21