14 matches found
CVE-2026-43490
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length. smb_inherit_dacl walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE contains the fixed SID header before using it, but does not verify that...
EUVD-2026-30503
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length. smb_inherit_dacl walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE contains the fixed SID header before using it, but does not verify that...
CVE-2026-43490
The CVE-2026-43490 entry concerns the Linux kernel ksmbd SMB server. The flaw arises in smb_inherit_dacl() where the code validates a fixed SID header but not the variable-length SID described by sid.num_subauth, allowing a malformed inheritable ACE to advertise more subauthorities than present. ...
PT-2026-41267
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: In the ksmbd module, the smb_inherit_dacl function fails to verify that the variable-length Security Identifier (SID) described by sid.num_subauth is fully contained within the Access...
Linux Distros Unpatched Vulnerability : CVE-2026-43490
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: validate inherited ACE SID length. smb_inherit_dacl walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE...
PT-2026-31308
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty affected versions not specified Description: Eclipse Jetty's JASPIAuthenticator class sets two ThreadLocal variables during authentication checks. Under certain conditions, the code returns early without clearing these ThreadLocal...
EUVD-2025-175379
Directus has Improper Permission Handling on Deleted Fields...
Linux Distros Unpatched Vulnerability : CVE-2021-39897
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have...
CVE-2021-39897
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred...
UBUNTU-CVE-2021-39897
Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the subgroup is transferred...
CVE-2021-39897
Technical details about CVE-2021-39897 are not publicly disclosed in the provided documents. No confirmed affected products/versions or fixes are present here. Monitor for updates from official advisories and vendor records.
PT-2021-22743 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 10.5 and above Description: The issue concerns improper access control, where subgroup members with inherited access to a project from a parent group could still access the project even after the subgroup is transferred...
GitLab Access Control Error Vulnerability
GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. The application can be used to access a project's file content, commit history, bug list, etc. An access control error vulnerability exists in GitLab CE/EE, which can be...
Richard Gooch SimpleInit 2.0.2 - Open File Descriptor
// source: https://www.securityfocus.com/bid/5001/info A vulnerability has been reported for simpleinit that may allow users to execute arbitrary commands as the superuser. The vulnerability occurs because simpleinit may allow some child processes to inherit a file descriptor with read-write...