402 matches found
PT-2026-53746
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.4 Apache Tomcat versions 10.1.0-M1 through 10.1.36 Apache Tomcat versions 9.0.0.M1 through 9.0.100 Apache Tomcat versions 8.5.0 through 8.5.100 Apache Tomcat versions 7.0.0 through 7.0.109...
CVE-2026-52911
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...
CVE-2026-52911
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...
CVE-2026-52911
The CVE-2026-52911 vulnerability affects the Linux kernel ksmbd code path. When a SESSION_SETUP binds a connection (conn->binding = true), a global session lookup could incorrectly resolve sessions not actually added to the connection’s session list. The fix tightens the global lookup so that ...
Linux Distros Unpatched Vulnerability : CVE-2026-52911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A null pointer dereference issue in destroyprevioussession has been fixed. If the -PreviousSessionId is set during the Kerberos session setup phase, a null pointer dereference error may occur. Since sess-user is not set ye...
CVE-2026-11774 389-ds-base: 389-ds-base: integer overflow in sasl packet length bypasses size limit leading to heap buffer overflow
An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...
EulerOS Virtualization 2.13.1 : sssd (EulerOS-SA-2026-2152)
According to the versions of the sssd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default...
GHSA-7J6W-VVW2-5F9C OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens
Impact In OpenBao's Kerberos auth method on the GET handler, or when an Authorization: Negotiate header is supplied, the response is includes a logical.Auth object in addition to an error message. This results in tokens being created with only the default policy, default TTL, and no entity...
CVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiation
BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...
Important: krb5 security update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
nimrm 1.2.0
nimrm is a native WinRM interactive shell client written in Nim. It's designed to be a compact and fast tool for system administration and authorized security testing. Key features include NTLM and Kerberos authentication, in-memory operations, file transfers, OPSEC awareness, and cross platform...
Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (April 2026 - Part 1 of 2)
Summary Multiple vulnerabilities have been addressed in Data Virtualization on IBM Software Hub. Note that Data Virtualization was named Watson Query on IBM Cloud Pak for Data version 4.8. Vulnerability Details CVEID:CVE-2026-23949 DESCRIPTION: jaraco.context, an open-source software package that...
curl: CVE-2026-5545: wrong reuse of HTTP Negotiate connection
Summary: An attacker sharing a libcurl multi-handle connection pool can hijack another user's Negotiate/Kerberos-authenticated connection. When User A authenticates via Negotiate SPNEGO and the connection returns to the pool, User B using CURLAUTHANY with different credentials gets that connectio...
FreeBSD-SA-26:08.rpcsec_gss
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:08.rpcsecgss Security Advisory The FreeBSD Project Topic: Remote code execution via RPCSECGSS packet validation Category: core Module: rpcsecgss Announced:...
EulerOS 2.0 SP12 : sssd (EulerOS-SA-2026-1382)
According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, th...
EulerOS 2.0 SP13 : sssd (EulerOS-SA-2026-1262)
According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, th...
sssd default kerberos configuration allows privilege escalation on ad-joined linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
ROS-20260220-73-0022
A vulnerability in the ksmbdkrb5authenticate function of the ksmbd component of the Linux kernel is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
GHSA-CP6G-7HQX-QXHP mongo-go-driver has Heap Out-of-Bounds Read in GSSAPI Error Handling
The mongo-go-driver repository contains CGo bindings for GSSAPI Kerberos authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not...