
95 matches found

OSV
added 4 days ago | 4 views

OESA-2026-2577 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: '-------- Forwarded Message --------', 'Date: Tue, 26 May 2026 14:29:50 +0200', 'Reply-To: Stefan Metzmacher metze samba org', 'Release Announcements\n---------------------\n\nThis is a security release ...

9.8 CVSS | 6.5 AI score | 0.00392 EPSS
Exploits 5 | References 4

Tenable Nessus
added 2026/05/27 12:0 a.m. | 12 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Samba vulnerabilities (USN-8306-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8306-1 advisory. Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacke...

9.8 CVSS | 6.2 AI score | 0.00392 EPSS
Exploits 5 | References 7

OSV
added 2026/05/26 1:32 p.m. | 10 views

USN-8306-1 samba vulnerabilities

Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacker could possibly use this issue to modify reparse point extended attributes on files that should have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS...

9.8 CVSS | 6.2 AI score | 0.00392 EPSS
Exploits 5 | References 7

Positive Technologies
added 2026/05/26 12:0 a.m. | 10 views

PT-2026-43438

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the handling of certificate auto-enrollment Group Policy. When this feature is enabled, Samba may retrieve a CA certificate via an unencrypted HTTP connection and install it in...

9 CVSS | 5.8 AI score | 0.00392 EPSS
Exploits 0 | References 51

Positive Technologies
added 2026/05/26 12:0 a.m. | 8 views

PT-2026-43436

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users who possess underlying filesyst...

7.5 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits 0 | References 45

OSV
added 2026/05/26 12:0 a.m. | 3 views

UBUNTU-CVE-2026-3012

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability t...

8 CVSS | 5.8 AI score | 0.00005 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/05/26 12:0 a.m. | 9 views

PT-2026-43437

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the vfs worm module, which is designed to provide write-once, read-many WORM protections by preventing file modifications after a specific grace period. Due to insufficient...

9 CVSS | 5.8 AI score | 0.00392 EPSS
Exploits 0 | References 49

AstraLinux
added 2026/05/20 5:53 a.m. | 0 views

Astra Linux - vulnerability in opensc

The “use-after-free” vulnerability was identified in the AuthentIC driver within the OpenSC package. It occurs during the card enrollment process, specifically when using the pkcs15-init function. An attacker must have physical access to the computer system and must use a specially crafted USB...

3.4 CVSS | 6.6 AI score | 0.0008 EPSS
Exploits 0 | References 2

OSV
added 2026/05/06 11:34 p.m. | 0 views

GHSA-GPXG-FX2G-QXJ2 Kanidm: Stored HTML injection in "passkey-enrolment" partial via displayname → htmx-driven authenticated request forgery

Summary The kanidmd web UI renders the WebAuthn passkey-registration challenge as raw JSON inside an inline element using the Askama |safe filter. The challenge embeds the account's displayname, which serde_json serialises without escaping . A displayname containing therefore terminates the script...

6.1 CVSS | 5.9 AI score
Exploits 0 | References 2

Tenable Nessus
added 2025/11/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-62394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages...

4.3 CVSS | 5.5 AI score | 0.00051 EPSS
Exploits 0 | References 2

OSV
added 2025/11/17 11:47 p.m. | 3 views

BIT-MOODLE-2025-62394 Moodle: quiz notifications sent to suspended participants

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

4.3 CVSS | 6.8 AI score | 0.00051 EPSS
Exploits 0 | References 3

GitHub Security Blog
added 2025/10/23 12:31 p.m. | 5 views

Moodle sends quiz-related messages to inactive/suspended users

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

4.3 CVSS | 6.9 AI score | 0.00051 EPSS
Exploits 0 | References 6 | Affected Software 1

OSV
added 2025/10/23 12:31 p.m. | 2 views

GHSA-8FCV-4QP9-PG32 Moodle sends quiz-related messages to inactive/suspended users

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

4.3 CVSS | 6.9 AI score | 0.00051 EPSS
Exploits 0 | References 6

OSV
added 2025/10/23 12:15 p.m. | 3 views

CVE-2025-62394

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

4.3 CVSS | 6.8 AI score | 0.00051 EPSS
Exploits 0 | References 2

NVD
added 2025/10/23 12:15 p.m. | 1 views

CVE-2025-62394

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

4.3 CVSS | 0.00051 EPSS
Exploits 0 | References 2

OSV
added 2025/10/23 12:15 p.m. | 2 views

UBUNTU-CVE-2025-62394

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

4.3 CVSS | 5.8 AI score | 0.00051 EPSS
Exploits 0 | References 4

Snyk
added 2025/10/23 11:46 a.m. | 1 views

Incorrect Authorization

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Incorrect Authorization due to the insufficient enrolment validation in quiz notifications. An attacker can obtain limited course information by receiving quiz-related messages intended for active...

5.3 CVSS | 6.7 AI score | 0.00051 EPSS
Exploits 0 | References 2

Vulnrichment
added 2025/10/23 11:28 a.m. | 2 views

CVE-2025-62394 Moodle: quiz notifications sent to suspended participants

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

4.3 CVSS | 6.4 AI score | 0.00051 EPSS
Exploits 0 | References 2

EUVD
added 2025/10/23 11:28 a.m. | 3 views

EUVD-2025-35672

Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information...

4.3 CVSS | 6.3 AI score | 0.00051 EPSS
Exploits 0 | References 3

CVE
added 2025/10/23 11:28 a.m. | 16 views

CVE-2025-62394

CVE-2025-62394 affects Moodle where enrolment verification fails when sending quiz notifications, allowing suspended or inactive users to receive quiz messages and potentially leak limited course information. The issue is described in multiple sources (OSV, Nessus variants, Fedora advisories) as ...

4.3 CVSS | 6.4 AI score | 0.00051 EPSS
Exploits 0 | References 2 | Affected Software 1