11 matches found
CVE-2026-31717
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to...
PT-2026-36347
Name of the Vulnerable Software and Affected Versions Linux kernel ksmbd affected versions not specified Description The ksmbd SMB server fails to verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows an authenticated user to...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper validation of repository ownership in the delete process for Git LFS locks. An attacker can remove LFS locks from repositories they do not own by leveraging write access to a...
GHSA-6JM8-X3G6-R33J Soft Serve is missing an authorization check in LFS lock deletion
LFS Lock Force-Delete Authorization Bypass Summary An authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setting the force flag. The vulnerable code path processes force deletions before...
Mintlify 安全漏洞
Mintlify is an AI-powered documentation platform from US-based Mintlify. A security vulnerability exists in versions of Mintlify prior to 2025-11-15, which stems from not validating the repository owner in the GitHub Integration API, potentially leading to the disclosure of sensitive information...
PT-2025-40599
Name of the Vulnerable Software and Affected Versions OpenSupports version 4.11.0 Description The software exposes an endpoint that allows modification of the 'supervised users' list for any account without verifying ownership. This allows a Level 1 staff member to alter the supervision...
Linux Distros Unpatched Vulnerability : CVE-2018-15869
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Amazon Web Services AWS developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source...
Lack of owner verification in EIP-1271 signature check
Lines of code Vulnerability details Description In the checkSignatures there are checks that the signer is the account owner, but in the case of EIP-1271 signature check there are no such checks: // If v is 0 then it is a contract signature // When handling contract signatures the address of the...
DEBIAN-CVE-2019-7304
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1...
CVE-2019-7304
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1...
Input validation
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1...