1780 matches found
SUSE-SU-2026:20760-1 Security update for curl
This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...
OPENSUSE-SU-2026:20404-1 Security update for curl
This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...
SUSE SLED15 / SLES15 Security Update : curl (SUSE-SU-2026:0903-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0903-1 advisory. - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect...
SUSE-SU-2026:0911-1 Security update for curl
This update for curl fixes the following issues: - CVE-2026-1965: bad reuse of HTTP Negotiate connection bsc1259362. - CVE-2026-3783: token leak with redirect and netrc bsc1259363. - CVE-2026-3784: wrong proxy connection reuse with credentials bsc1259364. - CVE-2026-3805: use after free in SMB...
PT-2026-25833
Name of the Vulnerable Software and Affected Versions Sonos Era 300 affected versions not specified Description The Sonos Era 300 is affected by an out-of-bounds access issue related to SMB responses, potentially leading to remote code execution. The issue was discovered by dmdung of STAR Labs SG...
comp5003-sweeny-pentest
COMP5003: Sweeny Barbers Penetration Test Full ethical hackin...
curl: SMB READ_ANDX DataOffset not validated
Summary: in smbrequeststate case SMBDOWNLOAD curl reads two server-controlled fields from a READANDX response and uses them to decide where in the receive buffer file data starts. c / lib/smb.c / len = Curlread16leconst unsigned char msg + sizeofstruct smbheader + 11; off = Curlread16leconst...
Windows File Explorer NTLM Forced Authentication Hash Disclosure 1.0
Windows File Explorer contains persistent forced authentication behavior that automatically transmits NTLM challenge-response hashes to remote SMB/WebDAV endpoints during routine file operations, enabling credential theft and potential domain compromise through NTLM relay attacks. This is not an...
Microsoft Windows 11 24H2 NTLM Relay Orchestrator Privilege Escalation
This Metasploit module checks the SMB Signing status on remote targets. If signing is not required, the target is vulnerable to NTLM Relay attacks. It serves as an automated pre-flight check for relay operations...
📄 Microsoft Windows 11 SMB Local Privilege Escalation
Proof of concept for CVE‑2025‑33073, a Microsoft Windows SMB privilege escalation vulnerability that abuses local NTLM reflection behavior within the SMB stack...
SUSE CVE-2026-3805
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
DEBIAN-CVE-2026-3805
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
CVE-2026-3805
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
CVE-2026-3805
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
CVE-2026-3805 use after free in SMB connection reuse
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
CVE-2026-3805
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
CVE-2026-3805
CVE-2026-3805 describes a heap-use-after-free in curl’s SMB connection reuse. During needle-based connection reuse, curl sets req->path to point inside the connection-owned smbc->share memory. When the needle is freed, smbc->share is freed as well, but req->path on the easy handle rem...
CVE-2026-3805 use after free in SMB connection reuse
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
use after free in SMB connection reuse
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...
CURL-CVE-2026-3805 use after free in SMB connection reuse
When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory...