CVE-2026-24936

CVE-2026-24936 affects ASUSTOR ADM: an improper input parameter validation flaw in a CGI program when a specific function is enabled during AD Domain join allows an unauthenticated remote attacker to write arbitrary data to any file, potentially leading to complete system compromise. Affected: AD...

CVE-2026-24936

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

CVE-2026-24936 An improper input validation vulnerability was found in ADM while joining a AD Domain.

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

CVE-2026-24936 An improper input validation vulnerability was found in ADM while joining a AD Domain.

When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...

PT-2026-5771

Name of the Vulnerable Software and Affected Versions ASUSTOR ADM versions 4.1.0 through 4.3.3.ROF1 ASUSTOR ADM versions 5.0.0 through 5.1.1.RCI1 Description An improper input parameters validation issue exists in a specific CGI program when a particular function is enabled during Active Director...

CVE-2025-22956

OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account passwor...

CVE-2025-22956

OPSI prior to version 4.3 is vulnerable: any client can retrieve any ProductPropertyState, including other clients’ data. This exposure could enable privilege escalation if a secret such as a domain-join password in windomain is stored in ProductPropertyState. Root cause is improper access contro...

CVE-2025-22956

OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account passwor...

PT-2025-36466

Name of the Vulnerable Software and Affected Versions: OPSI versions prior to 4.3 Description: OPSI allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret intended to be accessib...

Security update for samba

This update for samba fixes the following issues: CVE-2025-0620: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session bsc1244136. Other bugfixes: net ad join fails with "Failed to join domain: failed to create kerberos keytab" bsc1238063. Patch Instructions:...

SUSE-SU-2025:02230-1 Security update for samba

This update for samba fixes the following issues: - CVE-2025-0620: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session bsc1244136. Other bugfixes: - net ad join fails with 'Failed to join domain: failed to create kerberos keytab' bsc1238063...

January 10, 2023—KB5022343 (Security-only update)

January 10, 2023—KB5022343 Security-only update Summary Learn more about this security-only update, including improvements, any known issues, and how to get the update. REMINDERWindows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, the...

January 10, 2023—KB5022348 (Monthly Rollup)

January 10, 2023—KB5022348 Monthly Rollup Summary Learn more about this cumulative security update, including improvements, any known issues, and how to get the update. REMINDERWindows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, the...

March 14, 2023—KB5023756 (Monthly Rollup)

March 14, 2023—KB5023756 Monthly Rollup IMPORTANT For Windows Server 2012, the end of support EOS date is October 10, 2023. Extended Security Updates ESUs will be available for purchase no later than October 2022, but available for installation after the EOS date, October 10, 2023. ESUs will...

November 8, 2022—KB5020003 (Security-only update)

November 8, 2022—KB5020003 Security-only update Summary Learn more about this security-only update, including improvements, any known issues, and how to get the update. REMINDERWindows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, the...

December 13, 2022—KB5021303 (Security-only update)

December 13, 2022—KB5021303 Security-only update Summary Learn more about this security-only update, including improvements, any known issues, and how to get the update. REMINDERWindows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020,...

December 13, 2022—KB5021294 (Monthly Rollup)

December 13, 2022—KB5021294 Monthly Rollup Summary Learn more about this cumulative security update, including improvements, any known issues, and how to get the update. REMINDERWindows 8.1 will reach end of support on January 10, 2023, at which point technical assistance and software updates wil...

April 12, 2022—KB5012666 (Security-only update)

April 12, 2022—KB5012666 Security-only update Summary Learn more about this security update, including improvements and fixes, any known issues, and how to get the update. IMPORTANT Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020...

CLSA-2022-1648067906 Fix of CVE: CVE-2020-25717

CVE-2020-25717: Fix username map script regression rhbz2046174 - Fix possible segfault while joining a domain rhbz2046160...

Critical: samba security and bug fix update

Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Out-of-bounds heap read/write vulnerability in VF...