53 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a reference count leak when an invalid session is found during session lookup. When a session is found, but its state is not SMB2SESSIONVALID, it indicates that no valid session was found. However, the reference coun...
CVE-2026-34072
CrnMaster cronmaster is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s...
CVE-2026-34072 cronmaster: Middleware authentication bypass enabling unauthorized page access and server-action execution
CrnMaster cronmaster is a Cronjob management UI with human readable syntax, live logging and log history for cronjobs. Prior to version 2.2.0, an authentication bypass in middleware allows unauthenticated requests with an invalid session cookie to be treated as authenticated when the middleware’s...
SUSE CVE-2026-33281
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...
CVE-2026-33281
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...
CVE-2026-33281
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...
CVE-2026-33281 Ella Core panics on invalid PDU Session IDs in NGAP messages
Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP messages to Ella Core can crash the process, causing service disruption for all connected...
CVE-2026-33281
CVE-2026-33281 affects Ella Core, a private-network 5G core. The issue occurs when processing NGAP messages with invalid PDU Session IDs outside 1-15, causing the process to panic and potentially disrupt service for all connected subscribers. No authentication is required. This affects versions p...
GO-2026-4783 Ella Core panics on invalid PDU Session IDs in NGAP messages in github.com/ellanetworks/core
Ella Core panics on invalid PDU Session IDs in NGAP messages in github.com/ellanetworks/core...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the NGAP message handling process. An attacker can cause the application to panic and potentially crash by sending specially crafted messages with invalid PDU Session IDs. Remediation Upgrade...
free5GC 代码问题漏洞
free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC such as 1.4.1 and earlier contained code vulnerabilities. These vulnerabilities resulted from the risk of leaking detailed internal error messages when processing invalid pduSessionId inputs. This...
CVE-2025-69250 free5GC has Improper Error Handling in UDM, Leading to Information Exposure
free5gc UDM provides Unified Data Management UDM for free5GC, an open-source project for 5th generation 5G mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages e.g., strconv.ParseInt parsing errors to remote clients when processi...
SUSE CVE-2025-71150
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
CVE-2025-71150
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
AZL-78425 CVE-2025-71150 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
CVE-2025-71150
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
UBUNTU-CVE-2025-71150
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
CVE-2025-71150 ksmbd: Fix refcount leak when invalid session is found on session lookup
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
CVE-2025-71150
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2SESSIONVALID, It indicates that no valid session was found, but it is missing to decrement the reference...
CVE-2025-71150
CVE-2025-71150 relates to a Linux kernel KSMD (ksmbd) refcount leak: when a session is found during session lookup but SMB2_SESSION_VALID is not set, the reference count for that session is not decremented. The patch fixes this by explicitly calling ksmbd_user_session_put to release the reference...