307 matches found
DEBIAN-CVE-2026-31612
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length without verifying that the length of the name really is the size of t...
CVE-2026-31612
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length without verifying that the length of the name really is the size of t...
CVE-2026-31614 smb: client: fix off-by-8 bounds check in check_wsl_eas()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in checkwsleas The bounds check uses u8 ea + nlen + 1 + vlen as the end of the EA name and value, but eadata sits at offset sizeofstruct smb2filefulleainfo = 8 from ea, not at offset 0. The...
CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length without verifying that the length of the name really is the size of t...
CVE-2026-31612
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2getea smb2getea reads eareq-EaNameLength from the client request and passes it directly to strncmp as the comparison length without verifying that the length of the name really is the size of t...
PT-2026-34964
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, the smb2 get ea function reads the EaNameLength variable from a client request and passes it to strncmp as the comparison length without verifying if the name length...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013469)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013469 advisory. An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds re...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013702)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013702 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: refuse to create ea block when umounted The ea block expansion need to access sroot while i...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-010745)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010745 advisory. An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds re...
CVE-2026-32695
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative rules.hosts was...
CVE-2026-32695 Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative rules.hosts was...
GHSA-G3HG-J4JV-CWFR Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration
Summary There is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taking 166ms. When the username does not exist, the response returns immediatel...
CVE-2026-32305
Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...
SUSE CVE-2025-68806
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2setea function, which handles Extended Attributes EA, was performing buffer validation checks that incorrectly omitted the size of the null...
AZL-74312 CVE-2025-68806 affecting package kernel for versions less than 6.6.121.1-1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2setea function, which handles Extended Attributes EA, was performing buffer validation checks that incorrectly omitted the size of the null...
UBUNTU-CVE-2025-68806
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2setea function, which handles Extended Attributes EA, was performing buffer validation checks that incorrectly omitted the size of the null...
CVE-2025-68806
CVE-2025-68806 affects the Linux kernel ksmbd’s handling of Extended Attributes (EA). The root cause is a buffer validation flaw in smb2_set_ea where the null terminator’s size (+1) was not included in EaNameLength, leading to incorrect buffer size checks. The patch fixes validation by adding +1 ...
CVE-2025-68806 ksmbd: fix buffer validation by including null terminator size in EA length
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix buffer validation by including null terminator size in EA length The smb2setea function, which handles Extended Attributes EA, was performing buffer validation checks that incorrectly omitted the size of the null...
CVE-2022-26147
The Quectel RG502Q-EA modem before 2022-02-23 allow OS Command Injection...
SUSE CVE-2023-54305
In the Linux kernel, the following vulnerability has been resolved: ext4: refuse to create ea block when umounted The ea block expansion need to access sroot while it is already set as NULL when umount is triggered. Refuse this request to avoid panic...