Lucene search
+L

248 matches found

mskb
mskb
added 2026/06/09 2:0 p.m.725 views

June 9, 2026—KB5094122 (OS Build 14393.9234)

None None...

9.8CVSS6.8AI score0.48438EPSS
Exploits3
euvd
euvd
added 2026/05/28 9:36 a.m.10 views

EUVD-2026-32793

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211dfscaccancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error...

5.8AI score0.00203EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/28 9:36 a.m.39 views

CVE-2026-46166 wifi: mac80211: use safe list iteration in radar detect work

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use safe list iteration in radar detect work The call to ieee80211dfscaccancel can cause the iterated chanctx to be freed and removed from the list. Guard against this to avoid a slab-use-after-free error...

8.8CVSS0.00203EPSS
Exploits0References4
astralinux
astralinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an DFS traversal error without CONFIGCIFSDFSUPCALL. When compiled with CONFIGCIFSDFSUPCALL disabled, cifsdfsdautomount is NULL. The logic in cifs.ko for mapping CIFSFATTRDFSREFERRAL attributes to SAUTOMOUNT and...

5.5CVSS5.9AI score0.00136EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Fixed issues with dfs-radar and temperature event locking. The ath12k active PDevs are protected by RCU, but the code responsible for handling DFS-radar and temperature events, which calls ath12kmacgetarbypdevid...

5.9CVSS5.3AI score0.00707EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-mtrace: prevents underflow in sofipc4prioritymaskdfswrite. The “id” field comes from the user. The type of this field should be changed to unsigned to prevent an array underflow...

7.8CVSS5.8AI score0.00235EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k – Fix for DFS radar event locking. The ath11k active PDevs are protected by RCU, but the code that handles DFS radar events and calls ath11kmacgetarbypdevid was not marked as a read-side critical section. Mark the...

8.8CVSS6.2AI score0.01EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refreshcacheworker The UAF bug occurred because we were putting DFS root sessions in cifsumount while DFS cache refresher was being executed. Make DFS root sessions have same lifetime as DFS tcons ...

7.8CVSS6.2AI score0.00158EPSS
Exploits0References2
nessus
nessus
added 2026/04/17 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-007339)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007339 advisory. In the Linux kernel, the following vulnerability has been resolved: cifs: parsedfsreferrals: prevent oob on malformed input Malicious SMB server can send invalid rep...

5.6AI score0.00183EPSS
Exploits0References4
astralinux
astralinux
added 2026/03/03 9:29 a.m.3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cifs: parsedfsreferrals: prevents out-of-bounds access on malformed inputs A malicious SMB server can send invalid responses to FSCTLDFSGETREFERRALS. - The response is smaller than sizeofstruct getdfsreferralrsp. - The response...

6.1AI score0.00183EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/02/12 7:28 p.m.10 views

CVE-2026-2249

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8CVSS6.1AI score0.00514EPSS
Exploits1References1
nvd
nvd
added 2026/02/11 3:16 p.m.9 views

CVE-2026-2249

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8CVSS0.00514EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/02/11 2:16 p.m.6 views

CVE-2026-2249 Unauthenticated Remote Command Execution via Web Console in METIS DFS

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8CVSS6.1AI score0.00514EPSS
Exploits1References2
cvelist
cvelist
added 2026/02/11 2:16 p.m.32 views

CVE-2026-2249 Unauthenticated Remote Command Execution via Web Console in METIS DFS

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8CVSS0.00514EPSS
Exploits1References2
cnnvd
cnnvd
added 2026/02/11 12:0 a.m.7 views

METIS DFS 安全漏洞

METIS DFS is a data processing software developed by the Greek company METIS. Versions of METIS DFS 2.1.234-r18 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the /console endpoint, which exposed a web-based shell without authentication requirements. This could...

9.8CVSS6.1AI score0.00514EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/02/11 12:0 a.m.11 views

PT-2026-7598

METIS DFS devices versions = oscore 2.1.234-r18 expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the...

9.8CVSS6.1AI score0.00514EPSS
Exploits1References2
nessus
nessus
added 2026/01/16 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000849)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000849 advisory. Off-by-one error in the builduncpathtoroot function in fs/cifs/connect.c in the Linux kernel before 3.9.6 allows remote attackers to cause a denial of service memory...

7.8CVSS6.3AI score0.03644EPSS
Exploits1References8
nessus
nessus
added 2026/01/16 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000951)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000951 advisory. The SMB2tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service NULL pointer dereference and...

7.8CVSS6.2AI score0.03725EPSS
Exploits0References10
nessus
nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002129)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002129 advisory. The SMB2tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service NULL pointer dereference and...

7.8CVSS6.2AI score0.03725EPSS
Exploits0References10
euvd
euvd
added 2025/12/30 3:30 p.m.8 views

EUVD-2023-60524

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

6AI score0.00167EPSS
Exploits0References4
Rows per page
Query Builder