Lucene search
K

16 matches found

Tenable Nessus
Tenable Nessus
added 3 days ago3 views

RHEL 10 : cifs-utils (RHSA-2026:32990)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:32990 advisory. The SMB/CIFS protocol is a standard file sharing protocol widely deployed on Microsoft Windows machines. The cifs-utils packages contain tools for...

7.8CVSS5.7AI score0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 4:16 a.m.15 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 4:16 a.m.4 views

UBUNTU-CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/18 3:34 a.m.7 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6AI score0.0012EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 3:34 a.m.12 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.10 views

Ubuntu 20.04 LTS : Linux kernel (FIPS) vulnerabilities (USN-7585-2)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7585-2 advisory. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls...

7.8CVSS7.8AI score0.00252EPSS
Exploits0References33
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-31392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single server as the client was trying ...

8.1CVSS5.8AI score0.00122EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/03 11:25 p.m.6 views

SUSE CVE-2026-31392

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single server as the client was trying to mount the shares with wrong credentials. It turned out the client...

6.1CVSS5.7AI score0.00122EPSS
Exploits0References9
OSV
OSV
added 2026/04/03 4:16 p.m.7 views

UBUNTU-CVE-2026-31392

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single server as the client was trying to mount the shares with wrong credentials. It turned out the client...

8.1CVSS5.7AI score0.00122EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/12/30 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992527)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992527 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: fix DFS traversal oops without CONFIGCIFSDFSUPCALL When compiled with CONFIGCIFSDFSUPCALL...

5.5CVSS5.8AI score0.00136EPSS
Exploits0References4
OSV
OSV
added 2025/09/15 2:46 p.m.5 views

CVE-2023-53246 cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL

In the Linux kernel, the following vulnerability has been resolved: cifs: fix DFS traversal oops without CONFIGCIFSDFSUPCALL When compiled with CONFIGCIFSDFSUPCALL disabled, cifsdfsdautomount is NULL. cifs.ko logic for mapping CIFSFATTRDFSREFERRAL attributes to SAUTOMOUNT and corresponding dentry...

5.5CVSS4.8AI score0.00136EPSS
Exploits0References8
OSV
OSV
added 2025/07/16 5:30 p.m.9 views

USN-7640-1 linux-iot vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...

7.8CVSS6.7AI score0.08906EPSS
Exploits3References125
OSV
OSV
added 2025/07/03 6:3 p.m.8 views

USN-7585-6 linux-bluefield vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...

7.8CVSS6.8AI score0.00252EPSS
Exploits0References33
OSV
OSV
added 2025/06/30 5:40 p.m.15 views

USN-7595-5 linux-gcp, linux-gcp-6.8 vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...

7.8CVSS6.6AI score0.00571EPSS
Exploits1References34
OSV
OSV
added 2025/06/24 5:50 p.m.12 views

USN-7595-2 linux-realtime vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...

7.8CVSS6.6AI score0.00571EPSS
Exploits1References34
OSV
OSV
added 2025/05/21 11:52 a.m.5 views

SUSE-SU-2025:01640-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48933: netfilter: nftables: fix memory leak during stateful obj update bsc1229621. - CVE-2022-49110: netfilter: conntrack: revisit gc autotuning...

7.8CVSS6.6AI score0.00266EPSS
Exploits0References88
Rows per page
Query Builder