CVE-2026-41013 Tenant-controlled comma smuggles arbitrary CIFS mount options

Input validation bypass in SMB volume mount handling in CloudFoundry Foundation diego-release allows low-privileged CF space developer to inject arbitrary kernel CIFS mount options via bypassing the mount-option allowlist, enabling privilege escalation and security control bypass on multi-tenant...

EUVD-2026-10692

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally...

EUVD-2026-10621

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally...

MiracleLinux 4 : samba4-4.2.10-12.AXS4 (AXSA:2017-2429:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2429:04 advisory. A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB...

CVE-2026-20919

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SMB Server allows an authorized attacker to elevate privileges over a network...

CVE-2025-58726

Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network...

EUVD-2025-34368

Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network...

Windows SMB Client Tampering Vulnerability

Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network...

EUVD-2004-0090

Malware in sbrugna...

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smb: client: fix use-after-free in cifsoplockbreak CVE-2025-38527 kernel: NFS: Fix filehandle bounds checking in nfsfhtodentry CVE-2025-39730 For more details about the security issues,...

EUVD-2025-24342

Malicious code in bioql PyPI...

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-36028: mm/hugetlb: fix DEBUGLOCKSWARNON1 when dissolvefreehugetlbfolio bsc1225707. CVE-2024-36348, CVE-2024-36349, CVE-2024-36350, CVE-2024-36357:...

CVE-2025-50169

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows SMB allows an unauthorized attacker to execute code over a network...

CVE-2025-48802

Improper certificate validation in Windows SMB allows an authorized attacker to perform spoofing over a network...

CVE-2004-0090

Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors...

SUSE CVE-2022-49822

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, then the module refcnt leak since the cifsd kthread not exit. Also leak the fscache info, and for next mount with fsc, it...

cifs: Fix integer overflow while processing acregmax mount option

...

UBUNTU-CVE-2024-50119

In the Linux kernel, the following vulnerability has been resolved: cifs: fix warning when destroy 'cifsiorequestpool' There's a issue as follows: WARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 freelargekmalloc+0xac/0xe0 RIP: 0010:freelargekmalloc+0xac/0xe0 Call Trace: ? warn+0xea/0x330...

Security update for the Linux Kernel (Live Patch 21 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024100 fixes several issues. The following security issues were fixed: CVE-2021-47598: schcake: do not call cakedestroy from cakeinit bsc1227471. CVE-2024-35863: Fixed potential UAF in isvalidoplockbreak bsc1225011. CVE-2023-52752: smb: client: fix...

UBUNTU-CVE-2021-47307

In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL deref in cifscomposemountoptions The optional @ref parameter might contain an NULL nodename, so prevent dereferencing it in cifscomposemountoptions. Addresses-Coverity: 1476408 "Explicit null dereferenced"...