
174 matches found

SUSE CVE
added 2026/04/03 11:28 p.m., 3 views

SUSE CVE-2026-23427

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles. parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLAY_OPERATION...

9.8 CVSS | 5.7 AI score | 0.0029 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/04/03 6:31 p.m., 3 views

EUVD-2026-18659

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles. parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLAY_OPERATION...

5.8 AI score | 0.0029 EPSS
Exploits: 0 | References: 6

NVD
added 2026/04/03 4:16 p.m., 2 views

CVE-2026-23427

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles. parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLAY_OPERATION...

9.8 CVSS | 0.0029 EPSS
Exploits: 0 | References: 5

UbuntuCve
added 2026/04/03 4:16 p.m., 2 views

CVE-2026-23427

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles. parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLAY_OPERATION...

9.8 CVSS | 5.8 AI score | 0.0029 EPSS
Exploits: 0 | References: 7

OSV
added 2026/04/03 4:16 p.m., 3 views

UBUNTU-CVE-2026-23427

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles. parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLAY_OPERATION...

9.8 CVSS | 5.7 AI score | 0.0029 EPSS
Exploits: 0 | References: 10

Cvelist
added 2026/04/03 3:15 p.m., 23 views

CVE-2026-23427 ksmbd: fix use-after-free in durable v2 replay of active file handles

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles. parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLAY_OPERATION...

9.8 CVSS | 0.0029 EPSS
Exploits: 0 | References: 5

ATTACKERKB
added 2026/04/03 3:15 p.m., 2 views

CVE-2026-23427

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles. parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling a DURABLE_REQ_V2 context with SMB2_FLAGS_REPLAY_OPERATION...

5.7 AI score | 0.0029 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2026/04/03 3:15 p.m., 20 views

CVE-2026-23427

Summary: CVE-2026-23427 affects ksmbd in the Linux kernel and has been fixed to address a use-after-free in durable v2 replay of active SMB file handles. The root cause is that parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling D...

9.8 CVSS | 5.8 AI score | 0.0029 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

The Hacker News
added 2026/04/03 8:35 a.m., 7 views

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable...

6 AI score
Exploits: 0

Positive Technologies
added 2026/04/03 12:0 a.m., 3 views

PT-2026-30122

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 7.0.0-rc3+. Description: The Linux kernel contained a use-after-free flaw within the ksmbd component, specifically in the handling of durable v2 replay operations involving active file handles. The parse durable...

9.8 CVSS | 7.1 AI score | 0.00817 EPSS
Exploits: 4 | References: 80

Veracode
added 2026/03/28 5:5 a.m., 8 views

Incorrect Authorization

Apache Artemis is vulnerable to Incorrect Authorization. The vulnerability is due to incorrect authorization, where an authenticated user with the 'createDurableQueue' permission but without the 'createAddress' permission can create a temporary address when attempting to create a non-durable JMS...

4.3 CVSS | 5.2 AI score | 0.0047 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2026/03/25 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32642

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to crea...

4.3 CVSS | 5.8 AI score | 0.0047 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/24 11:54 a.m., 6 views

CVE-2026-32642

A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An authenticated user can exploit this incorrect authorization vulnerability by attempting to create a non-durable Java Message Service (JMS) topic subscription on an address that does not exist. If the user has "createDurableQueue"...

4.3 CVSS | 5.7 AI score | 0.0047 EPSS
Exploits: 0 | References: 5

Github Security Blog
added 2026/03/24 9:30 a.m., 6 views

Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol

Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

4.3 CVSS | 5.8 AI score | 0.0047 EPSS
Exploits: 0 | References: 4 | Affected Software: 2

Snyk
added 2026/03/24 9:30 a.m., 2 views

Incorrect Authorization

Overview: org.apache.activemq:artemis-openwire-protocol is a package for activemq. Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempt...

4.3 CVSS | 5.9 AI score | 0.0047 EPSS
Exploits: 0 | References: 2

Snyk
added 2026/03/24 9:30 a.m., 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempts to create a non-durable JMS topic subscription on a non-existent addres...

4.3 CVSS | 5.9 AI score | 0.0047 EPSS
Exploits: 0 | References: 2

OSV
added 2026/03/24 9:30 a.m., 4 views

GHSA-F4GC-MWRG-Q36R Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol

Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3 CVSS | 5.8 AI score | 0.0047 EPSS
Exploits: 0 | References: 4

UbuntuCve
added 2026/03/24 8:16 a.m., 3 views

CVE-2026-32642

Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

4.3 CVSS | 5.8 AI score | 0.0047 EPSS
Exploits: 0 | References: 3

OSV
added 2026/03/24 8:16 a.m., 7 views

UBUNTU-CVE-2026-32642

Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

4.3 CVSS | 5.8 AI score | 0.0047 EPSS
Exploits: 0 | References: 4

Cvelist
added 2026/03/24 7:53 a.m., 26 views

CVE-2026-32642 Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission

Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...

2.3 CVSS | 0.0047 EPSS
Exploits: 0 | References: 1