66 matches found
kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions
A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...
CVE-2026-46243
A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...
GHSA-FWF6-J56G-M97C Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click
Impact Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. When a user connects to a malicious SSH server, the attacker can print a crafted URI in the terminal output. If the victim clicks the link,...
[SECURITY] Fedora 42 Update: smb4k-4.0.6-1.fc42
Smb4K is an SMB/CIFS share browser for KDE. It uses the Samba software suite to access the SMB/CIFS shares of the local network neighborhood. Its purpose is to provide a program that's easy to use and has as many features as possible...
CVE-2026-20701
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to connect to a network share without user consent...
PT-2026-27552
Name of the Vulnerable Software and Affected Versions macOS Sequoia versions prior to 15.7.5 macOS Sonoma versions prior to 14.8.5 macOS Tahoe versions prior to 26.4 Description An issue involving insufficient sandbox restrictions existed, potentially allowing an application to connect to a netwo...
PT-2026-27570
Name of the Vulnerable Software and Affected Versions macOS versions prior to Sequoia 15.7.5 macOS versions prior to Sonoma 14.8.5 macOS versions prior to Tahoe 26.4 Description A use-after-free issue existed due to improper memory management. Mounting a maliciously crafted SMB network share coul...
CVE-2026-27884
NetExec is a network execution tool. Prior to version 1.5.1, the module spiderplus improperly creates the output file and folder path when saving files from SMB shares. It does not take into account that it is possible for Linux SMB shares to have path traversal characters such as ../ in them. An...
Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly
Google on Wednesday said it discovered an unknown threat actor using an experimental Visual Basic Script VB Script malware dubbed PROMPTFLUX that interacts with its Gemini artificial intelligence AI model API to write its own source code for improved obfuscation and evasion. "PROMPTFLUX is writte...
CVE-2025-43724
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares...
EUVD-2025-33307
Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to gain unauthorized access to NFSv4 or SMB shares...
EUVD-1999-0366
Malware in sbrugna...
CVE-1999-0366
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value...
Enhanced SSO session may experience problem accessing network shares or group policy updates
You have configured configured Enhanced SSO for Citrix workspace app and you are either on Windows 10 or Windows 11 endpoints. When you launch a desktop session and try to access the domain shares you may encounter the below prompt for credentials - You can also repoduce this issue by accessing t...
Medium: tomcat
Issue Overview: While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent...
VDA logs FAS event 107 continuously if Advyza is installed
Users cannot access Domain resources like Network shares, Internal websites, Applications which need Domain/Windows authentication after 5 minutes of logon. Users can access Domain resources soon after they logon, but if they try to access any new resource after 5 minutes, it fails or prompts for...
LOLKEK Ransomware Evolving New Tactics to Evade Detection
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LOLKEK ransomware is still being actively developed and uses new tactics to evade detection, including obfuscation, legitimate tools, and network shares. It encrypts all drives, including network shares,...
CVE-2023-22855
Kardex Mlog MCC 5.7.12+0-a203c2a213-master allows remote code execution. It spawns a web interface listening on port 8088. A user-controllable path is handed to a path-concatenation method Path.Combine from .NET without proper sanitisation. This yields the possibility of including local files, as...
SUSE CVE-2018-16872
A flaw was found in qemu Media Transfer Protocol MTP. The code opening files in usbmtpgetobject and usbmtpgetpartialobject and directories in usbmtpobjectreaddir doesn't consider that the underlying filesystem may have changed since the time lstat2 was called in usbmtpobjectalloc, a classical...
CVE-2022-26778
Veritas System Recovery VSR 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user who has sufficient privileges to access a network file system that they were not authorized to access...