16 matches found
[SECURITY] [DSA 6315-1] cyborg security update
Debian Security Advisory DSA-6315-1, https://www.debian.org/security/, Moritz Muehlenhoff, May 31, 2026, https://www.debian.org/security/faq ...
CVE-2026-44557 Open WebUI: Global Knowledge Base Enumeration via knowledge-bases Meta-Collection
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the validatecollectionaccess function uses an incomplete allowlist that only enforces ownership checks for collections matching user-memory- and file- patterns. All other collection...
Astra Linux - vulnerability in samba
A flaw was discovered in Samba. An incomplete access check on dnsHostName allows authenticated, but otherwise unprivileged users to delete this attribute from any object in the directory...
CVE-2025-62510
Summary: CVE-2025-62510 affects FileRise, a self-hosted web-based file manager. A regression in version 1.4.0 allowed folder visibility/ownership to be inferred from folder names, enabling low-privilege users to see or interact with folders that match their username and, in some cases, other user...
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
...
OESA-2023-1233 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. CVE-2023-0225 The Samb...
Samba 4.17.x < 4.17.7 / 4.18.x < 4.18.1 Incomplete Access Check
The version of Samba running on the remote host is potentially affected by a vulnerability. A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. Note that Nessus has no...
AZL-45378 CVE-2023-0225 affecting package samba for versions less than 4.18.3-1
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory...
Design/Logic Flaw
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory...
SUSE CVE-2023-0225
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory...
UBUNTU-CVE-2023-0225
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory...
samba -- multiple vulnerabilities
The Samba Team reports: An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset...
JetBrains YouTrack has an unspecified vulnerability (CNVD-2021-91662)
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software features bug tracking, creating workflows, and monitoring project progress. JetBrains YouTrack Mobile 2021.2 previously had a security vulnerability that stemmed from...
USN-3082-1: Linux kernel vulnerability
Chiachih Wu, Yuan-Tsung Lo, and Xuxian Jiang discovered that the legacy ABI for ARM OABI had incomplete access checks for epoll_wait(2) and semtimedop(2). A local attacker could use this to possibly execute arbitrary code...
Incomplete Access Management and Remote Code Execution Vulnerability in TYPO3 Core
It has been discovered that TYPO3 Core has Incomplete Access Management and is vulnerable to Remote Code Execution. Component Type: TYPO3 Core. Vulnerability Types: Cross-Site Scripting, Remote Code Execution. Overall Severity: Critical. Release Date: September 4, 2013. Vulnerable subcomponent: File...
CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allows remote attackers to bypass authentication ...