Lucene search
K

49 matches found

OSV
OSV
added 3 days ago2 views

USN-8496-3 cifs-utils vulnerability

USN-8496-1 fixed vulnerabilities in cifs-utils. The update caused a regression and was backed out in USN-8496-2. This update reintroduces the security fix, along with a fix for the regression. Original advisory details: It was discovered that cifs-utils incorrectly dropped root privileges before...

7.8CVSS6.3AI score0.00121EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/09 12:0 a.m.5 views

TencentOS Server 4: cifs-utils (TSSA-2026:0552)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0552 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.8CVSS6.1AI score0.00121EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.7 views

Fedora 45 : cifs-utils (2026-90dbff48ca)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-90dbff48ca advisory. Automatic update for cifs-utils-7.6-2.fc45. Changelog Mon Jul 6 2026 Paulo Alcantara - 7.6-2 - cifs.upcall: fix regression with kerberos mounts - Resolves:...

7.8CVSS6AI score0.00121EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.8 views

RockyLinux 10 : cifs-utils (RLSA-2026:32990)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:32990 advisory. cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall CVE-2026-12505 Tenable has extracted the preceding description bloc...

7.8CVSS6AI score0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/07/05 12:5 p.m.9 views

RLSA-2026:32990 Important: cifs-utils security update

The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. The cifs-utils packages contain tools for mounting shares on Linux using the SMB/CIFS protocol. The tools in this package work in conjunction with support in the kernel to allow one to mount a...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/07/05 12:5 p.m.5 views

cifs-utils security update

An update is available for cifs-utils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The SMB/CIFS protocol is a standard file sharing protocol widely deployed...

7.8CVSS5.8AI score0.00121EPSS
Exploits0
OSV
OSV
added 2026/07/03 6:49 p.m.3 views

USN-8496-2 cifs-utils regression

USN-8496-1 fixed a vulnerability in cifs-utils. Unfortunately, the fix introduced a regression with Kerberos mounts. This update reverts the security update until a complete fix is available. We apologize for the inconvenience. Original advisory details: It was discovered that cifs-utils...

7.8CVSS6.3AI score0.00121EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:49 a.m.7 views

RHSA-2026:32990 Red Hat Security Advisory: cifs-utils security update

Bulletin has no description...

7.8CVSS5.7AI score0.00121EPSS
Exploits0References8
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:4 a.m.14 views

Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

...

7.8CVSS5.8AI score0.00121EPSS
Exploits0
Rockylinux
Rockylinux
added 2026/06/25 12:0 p.m.6 views

cifs-utils bug fix and enhancement update

An update is available for cifs-utils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 8...

7.8CVSS7AI score0.00562EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-12505

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a...

7.8CVSS6.2AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 4:16 a.m.19 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.00121EPSS
Exploits0References7
OSV
OSV
added 2026/06/18 4:16 a.m.5 views

UBUNTU-CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6.1AI score0.00121EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/18 3:34 a.m.8 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/18 3:34 a.m.7 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6.1AI score0.00121EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.21 views

PT-2026-50619

Name of the Vulnerable Software and Affected Versions cifs-utils affected versions not specified Description A flaw exists in the cifs.upcall helper that fails to securely drop root privileges before performing user information lookups within a user-controlled environment. A local, low-privileged...

7.8CVSS6.1AI score0.00121EPSS
Exploits0References29
GithubExploit
GithubExploit
added 2026/06/03 12:15 a.m.202 views

Exploit for CVE-2026-46243

cifswitch-check A shell script to check whether a Linux syste...

7.8CVSS6AI score0.00353EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.10 views

Unity Linux 20.1060e / 20.1070e Security Update: cifs-utils (UTSA-2026-016660)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016660 advisory. A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host...

6.1CVSS6.6AI score0.00642EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in cifs-utils

cifs-utils from version 6.14 onwards, with verbose logging, can cause an information leak when a file contains equal sign characters but is not a valid credentials file...

5.3CVSS6.4AI score0.01866EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in cifs-utils

In cifs-utils up to version 6.14, a stack-based buffer overflow occurs when parsing the mount.cifs ip= command-line argument. This vulnerability could allow local attackers to gain root privileges...

7.8CVSS7.6AI score0.00562EPSS
Exploits0References2
Rows per page
Query Builder