174 matches found
SUSE CVE-2026-23427
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parsedurablehandlecontext unconditionally assigns dhinfo-fp-conn to the current connection when handling a DURABLEREQV2 context with SMB2FLAGSREPLAYOPERATION...
EUVD-2026-18659
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parsedurablehandlecontext unconditionally assigns dhinfo-fp-conn to the current connection when handling a DURABLEREQV2 context with SMB2FLAGSREPLAYOPERATION...
CVE-2026-23427
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parsedurablehandlecontext unconditionally assigns dhinfo-fp-conn to the current connection when handling a DURABLEREQV2 context with SMB2FLAGSREPLAYOPERATION...
CVE-2026-23427
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parsedurablehandlecontext unconditionally assigns dhinfo-fp-conn to the current connection when handling a DURABLEREQV2 context with SMB2FLAGSREPLAYOPERATION...
UBUNTU-CVE-2026-23427
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parsedurablehandlecontext unconditionally assigns dhinfo-fp-conn to the current connection when handling a DURABLEREQV2 context with SMB2FLAGSREPLAYOPERATION...
CVE-2026-23427 ksmbd: fix use-after-free in durable v2 replay of active file handles
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parsedurablehandlecontext unconditionally assigns dhinfo-fp-conn to the current connection when handling a DURABLEREQV2 context with SMB2FLAGSREPLAYOPERATION...
CVE-2026-23427
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in durable v2 replay of active file handles parsedurablehandlecontext unconditionally assigns dhinfo-fp-conn to the current connection when handling a DURABLEREQV2 context with SMB2FLAGSREPLAYOPERATION...
CVE-2026-23427
Summary: CVE-2026-23427 affects ksmbd in the Linux kernel and has been fixed to address a use-after-free in durable v2 replay of active SMB file handles. The root cause is that parse_durable_handle_context() unconditionally assigns dh_info->fp->conn to the current connection when handling D...
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable...
PT-2026-30122
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.0-rc3+ Description The Linux kernel contained a use-after-free flaw within the ksmbd component, specifically in the handling of durable v2 replay operations involving active file handles. The parse durable...
Incorrect Authorization
Apache Artemis is vulnerable to Incorrect Authorization. The vulnerability is due to incorrect authorization, where an authenticated user with the 'createDurableQueue' permission but without the 'createAddress' permission can create a temporary address when attempting to create a non-durable JMS...
Linux Distros Unpatched Vulnerability : CVE-2026-32642
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to crea...
CVE-2026-32642
A flaw was found in Apache Artemis and Apache ActiveMQ Artemis. An authenticated user can exploit this incorrect authorization vulnerability by attempting to create a non-durable Java Message Service JMS topic subscription on an address that does not exist. If the user has "createDurableQueue"...
Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
Incorrect Authorization
Overview org.apache.activemq:artemis-openwire-protocol is a package for activemq. Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempt...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the OpenWire protocol when an authenticated user with the createDurableQueue permission but without the createAddress permission attempts to create a non-durable JMS topic subscription on a non-existent addres...
GHSA-F4GC-MWRG-Q36R Apache Artemis: Unauthorized Temporary Address Creation via OpenWire Protocol
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
CVE-2026-32642
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
UBUNTU-CVE-2026-32642
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...
CVE-2026-32642 Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission
Incorrect Authorization CWE-863 vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn't exist with an authenticated user which has the "createDurableQueue"...