Lucene search
K

1784 matches found

OSV
OSV
added 2025/12/19 4:46 p.m.3 views

SUSE-SU-2026:20015-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50253: bpf: make sure skb-len != 0 when redirecting to a tunneling device bsc1249912. - CVE-2025-37916: pdscore: remove write-after-free of clientid bsc1243474. -...

7.8CVSS6.9AI score0.00236EPSS
Exploits1References220
Hacker One
Hacker One
added 2025/12/18 11:38 a.m.15 views

curl: Heap Buffer Over-Read via Malicious SMB Server READ_ANDX Response

================================================================================ DESCRIPTION: ================================================================================ Summary: I discovered a heap buffer over-read vulnerability in libcurl's SMB protocol implementation. A malicious SMB serv...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2025/12/18 11:13 a.m.12 views

curl: Heap Buffer Over-Read via Malicious SMB Server READ_ANDX Response

================================================================================ DESCRIPTION: ================================================================================ Summary: I discovered a heap buffer over-read vulnerability in libcurl's SMB protocol implementation. A malicious SMB serv...

6.9AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/12/18 9:2 a.m.3 views

smb: client: fix memory leak in cifs_construct_tcon()

...

5.5CVSS6.7AI score0.00173EPSS
Exploits0
GithubExploit
GithubExploit
added 2025/12/16 8:2 p.m.143 views

Exploit for CVE-2017-0144

No d...

9.3CVSS7AI score0.9923EPSS
Exploits55
OSV
OSV
added 2025/12/16 4:16 p.m.6 views

AZL-72625 CVE-2025-68295 affecting package kernel for versions less than 6.6.119.3-1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix memory leak in cifsconstructtcon When having a multiuser mount with domain= specified and using cifscreds, cifssetcifscreds will end up setting @ctx-domainname, so it needs to be freed before leaving...

5.8AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 3:6 p.m.18 views

CVE-2025-68295

CVE-2025-68295 is a Linux kernel issue affecting the SMB CIFS client. When using multiuser mounts with domain= and cifscreds, the code path in cifs_set_cifscreds() ends up assigning the domain name to ctx->domainname, and this memory is not freed on exit from cifs_construct_tcon(), causing a m...

6AI score0.00173EPSS
Exploits0References7
NVD
NVD
added 2025/12/16 2:15 p.m.9 views

CVE-2025-68226

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix incomplete backport in cfidsinvalidationworker The previous commit bdb596ceb4b7 "smb: client: fix potential UAF in smb2closecachedfid" was an incomplete backport and missed one krefput call in...

0.0015EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.4 views

PT-2025-51639

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's SMB client related to an incomplete backport in the cfids invalidation worker function. A previous commit aimed to address a potential use-after-free...

6.2AI score0.0015EPSS
Exploits0References7
NVD
NVD
added 2025/12/15 9:15 p.m.16 views

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

8.8CVSS0.00365EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/15 8:28 p.m.5 views

CVE-2023-53875 GOM Player 2.3.90.5360 Remote Code Execution via Insecure IE Component

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

7.5CVSS8.2AI score0.00365EPSS
Exploits1References3
CVE
CVE
added 2025/12/15 8:28 p.m.15 views

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in the Internet Explorer component. The issue can be triggered via DNS spoofing with a malicious URL shortcut and WebDAV, enabling an attacker to execute arbitrary code and potentially run a reverse shell with SMB server intera...

8.8CVSS8.2AI score0.00365EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.6 views

PT-2025-51293

Name of the Vulnerable Software and Affected Versions GOM Player version 2.3.90.5360 Description GOM Player has a remote code execution issue in its Internet Explorer component. An attacker can execute arbitrary code through DNS spoofing. The attack involves redirecting a victim using a malicious...

8.8CVSS8.1AI score0.00365EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2025/12/11 2:7 p.m.143 views

security-vulnerabilities-and-protection-measures

Security Vulnerabilities and Protection Measures Submitted...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/12/10 12:36 a.m.12 views

SUSE CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2reconnectserver, because it will be released soon. Note that the exiting session will stay in server-smbseslist until i...

7.5CVSS6.6AI score0.00166EPSS
Exploits0References35
SUSE CVE
SUSE CVE
added 2025/12/10 12:26 a.m.2 views

SUSE CVE-2025-40328

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2closecachedfid findorcreatecacheddir could grab a new reference after krefput had seen the refcount drop to zero but before cfidlistlock is acquired in smb2closecachedfid, leading to...

5.5CVSS6.4AI score0.00191EPSS
Exploits0References21
OSV
OSV
added 2025/12/09 4:17 p.m.3 views

UBUNTU-CVE-2025-40328

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2closecachedfid findorcreatecacheddir could grab a new reference after krefput had seen the refcount drop to zero but before cfidlistlock is acquired in smb2closecachedfid, leading to...

5.7AI score0.00191EPSS
Exploits0References22
Cvelist
Cvelist
added 2025/12/09 4:9 a.m.21 views

CVE-2025-40328 smb: client: fix potential UAF in smb2_close_cached_fid()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2closecachedfid findorcreatecacheddir could grab a new reference after krefput had seen the refcount drop to zero but before cfidlistlock is acquired in smb2closecachedfid, leading to...

0.00191EPSS
Exploits0References4
OSV
OSV
added 2025/12/09 4:9 a.m.3 views

CVE-2025-40328 smb: client: fix potential UAF in smb2_close_cached_fid()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2closecachedfid findorcreatecacheddir could grab a new reference after krefput had seen the refcount drop to zero but before cfidlistlock is acquired in smb2closecachedfid, leading to...

6.3AI score0.00191EPSS
Exploits0References7
NVD
NVD
added 2025/12/09 1:16 a.m.9 views

CVE-2023-53794

In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free issue Don't collect exiting session in smb2reconnectserver, because it will be released soon. Note that the exiting session will stay in server-smbseslist until i...

0.00166EPSS
Exploits0References3
Rows per page
Query Builder