82 matches found
Fedora 45 : krb5 (2026-2e9fe57a46)
The remote Fedora 45 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2e9fe57a46 advisory. Automatic update for krb5-1.22.2-7.fc45. Changelog Tue Apr 28 2026 Julien Rische - 1.22.2-7 - Fix NegoEx parsing vulnerabilities CVE-2026-40355,...
MiracleLinux 9 : curl-7.76.1-14.el9.5.ML.1 (AXSA:2022-4407:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-4407:05 advisory. curl: HTTP compression denial of service CVE-2022-32206 curl: Unpreserved file permissions CVE-2022-32207 curl: FTP-KRB bad message verification...
MiracleLinux 4 : krb5-1.10.3-10.AXS4.1 (AXSA:2013-280:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-280:01 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...
FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
FreeBSD : zeek -- information leak vulnerability (50fd6a75-0587-4987-bef2-bb933cd78ea1)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 50fd6a75-0587-4987-bef2-bb933cd78ea1 advisory. Tim Wojtulewicz of Corelight reports: The KRB analyzer can leak information about hosts in analyzed...
Amazon Linux 2 : 389-ds-base, --advisory ALAS2-2025-3025 (ALAS-2025-3025)
The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3025 advisory. A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to...
EUVD-2025-31739
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-7493
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate t...
PT-2025-39997
Name of the Vulnerable Software and Affected Versions FreeIPA affected versions not specified Description A privilege escalation flaw exists in FreeIPA, allowing an attacker to escalate from a host user to a domain administrator. This issue is similar to CVE-2025-4404 and stems from a failure to...
freeIPA: idm: Privilege escalation from host to domain admin in FreeIPA
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the krbCanonicalName for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a...
SUSE CVE-2025-37778
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate. krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that...
CVE-2025-37778
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate. krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that...
CVE-2025-37778
CVE-2025-37778 affects the Linux kernel’s ksmbd/kerberos path. The issue is a dangling pointer in krb_authenticate: it frees sess->user and may not null it; ksmbd_krb5_authenticate reinitialises sess->user, but may return without doing so, causing smb2_sess_setup to access freed memory. The...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a dangling pointer issue in krb_authenticate...
openSUSE: Security Advisory for curl (SUSE-SU-2022:2327-2)
The remote host is missing an update for the...
curl security update
7.76.1-19 - fix unpreserved file permissions CVE-2022-32207 - fix HTTP compression denial of service CVE-2022-32206 - fix FTP-KRB bad message verification CVE-2022-32208 7.76.1-18 - fix too eager reuse of TLS and SSH connections CVE-2022-27782 7.76.1-17 - fix leak of SRP credentials in redirects...