Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 8:47 p.m.6 views

CoreWCF: SPNEGO SecurityContextToken proof key wrapped without confidentiality

Impact When the proof key recovered from the RSTR can be observed by a party that is not the legitimate client, that party can impersonate the authenticated Windows principal for the lifetime of the SCT default 10 hours and decrypt or forge any subsequent WS‑SecureConversation traffic that uses...

7.4CVSS5.9AI score0.00175EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/24 3:16 p.m.5 views

DEBIAN-CVE-2026-31610

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incrementally as it walks the input. When ksmbddecodenegTokenInit reaches the mechToken 2 OCTET STRING...

5.5CVSS5.2AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/24 2:42 p.m.32 views

CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incrementally as it walks the input. When ksmbddecodenegTokenInit reaches the mechToken 2 OCTET STRING...

0.00136EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/04/24 2:42 p.m.4 views

CVE-2026-31610

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incrementally as it walks the input. When ksmbddecodenegTokenInit reaches the mechToken 2 OCTET STRING...

5.5CVSS5.2AI score0.00136EPSS
Exploits0
OSV
OSV
added 2009/03/27 4:30 p.m.1 views

DEBIAN-CVE-2009-0845

The spnegogssacceptseccontext function in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via invalid ContextFlags data in the reqFlags field in a...

5CVSS7.7AI score0.05628EPSS
Exploits2References1
Rows per page
Query Builder