Lucene search
K

124 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago5 views

TencentOS Server 4: cifs-utils (TSSA-2026:0552)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0552 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References2
Amazon
Amazon
added 2026/07/07 12:0 a.m.4 views

Low: cifs-utils

Issue Overview: No CVE associated with this advisory Affected Packages: cifs-utils Issue Correction: Run dnf update cifs-utils --releasever 2023.12.20260706 or dnf update --advisory ALAS2023-2026-1927 --releasever 2023.12.20260706 to update your system. More information on how to update your syst...

7.8CVSS5.9AI score0.0012EPSS
Exploits0
OSV
OSV
added 2026/06/30 9:24 a.m.2 views

SUSE-SU-2026:2700-1 Security update for cifs-utils

This update for cifs-utils fixes the following issue - CVE-2026-12505: cifs.upcall local privilege escalation via requestkey-controlled namespace switch and NSS loading bsc1267389...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 9:21 a.m.4 views

SUSE-SU-2026:2699-1 Security update for cifs-utils

This update for cifs-utils fixes the following issue - CVE-2026-12505: cifs.upcall local privilege escalation via requestkey-controlled namespace switch and NSS loading bsc1267389...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/29 11:15 p.m.5 views

cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6AI score0.0012EPSS
Exploits0References5
NVD
NVD
added 2026/06/18 4:16 a.m.19 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/18 3:34 a.m.7 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6.1AI score0.0012EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/18 3:34 a.m.13 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/18 3:34 a.m.8 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/18 3:34 a.m.16 views

EUVD-2026-37834

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 3:34 a.m.32 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.21 views

PT-2026-50619

Name of the Vulnerable Software and Affected Versions cifs-utils affected versions not specified Description A flaw exists in the cifs.upcall helper that fails to securely drop root privileges before performing user information lookups within a user-controlled environment. A local, low-privileged...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References29
RedHat Linux
RedHat Linux
added 2026/05/26 10:23 a.m.20 views

glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...

5.4CVSS5.7AI score0.00189EPSS
Exploits1References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in glibc

A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without...

5.9CVSS6.6AI score0.01439EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in glibc

The Name Service Cache Daemon’s nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. This flaw was introduced in glibc 2.15, when the cache was added to nscd. This vulnerability only exists in the nscd binary...

7.4CVSS6.3AI score0.00403EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in glibc

Calling getnetbyaddr or getnetbyaddrr with a configured nsswitch.conf that specifies the library’s DNS backend can lead to a situation where a zero-valued network is queried during operations in the GNU C Library versions 2.0 to 2.42. This could result in the leakage of stack contents to the...

7.5CVSS7AI score0.00564EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/19 2:41 p.m.8 views

glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions

A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddrr functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...

5.4CVSS5.7AI score0.00189EPSS
Exploits1References5
OSV
OSV
added 2026/05/03 9:57 a.m.18 views

OESA-2026-2171 sssd security update

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References2
OSV
OSV
added 2026/05/03 9:56 a.m.18 views

OESA-2026-2170 sssd security update

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/29 10:8 a.m.8 views

CVE-2026-35368

A flaw was found in uutils coreutils. The chroot utility, when used with the --userspec option, resolves user specifications after entering a restricted environment chroot but before relinquishing root privileges. This can cause the Name Service Switch NSS, a system for resolving system...

7.8CVSS6AI score0.00136EPSS
Exploits1References2
Rows per page
Query Builder