Lucene search
K

208 matches found

OSV
OSV
added 2025/04/16 3:15 p.m.1 views

UBUNTU-CVE-2025-22037

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in allocpreauthhash The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn-preauthinfo is not...

5.5CVSS6.2AI score0.28222EPSS
Exploits0References25
Debian CVE
Debian CVE
added 2025/04/16 2:11 p.m.8 views

CVE-2025-22037

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference in allocpreauthhash The Client send malformed smb2 negotiate request. ksmbd return error response. Subsequently, the client can send smb2 session setup even thought conn-preauthinfo is not...

5.5CVSS5.5AI score0.28222EPSS
Exploits0
CNNVD
CNNVD
added 2025/04/16 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference when ksmbd is not assigned preauthinfo...

5.5CVSS6.5AI score0.28222EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The binding mark of a reused connection was unset. Steve French reported a null pointer dereference error from the sha256 library. The cifs.ko module can send session setup requests using a reused connection. If a reuse...

5.5CVSS6.4AI score0.00276EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.9 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The issue related to “slab-use-after-free” in smb3preauthhashrsp has been fixed. The function ksmbdusersessionput should be called under smb3preauthhashrsp. This will prevent freeing a session before calling...

7.8CVSS6.5AI score0.00243EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/01/29 8:0 a.m.5 views

ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

...

7.8CVSS7.7AI score0.00243EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2024/11/19 3:49 a.m.4 views

SUSE CVE-2024-50283

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3preauthhashrsp ksmbdusersessionput should be called under smb3preauthhashrsp. It will avoid freeing session before calling smb3preauthhashrsp...

7.8CVSS7.4AI score0.00243EPSS
Exploits0References3
OSV
OSV
added 2024/11/19 2:16 a.m.1 views

DEBIAN-CVE-2024-50283

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3preauthhashrsp ksmbdusersessionput should be called under smb3preauthhashrsp. It will avoid freeing session before calling smb3preauthhashrsp...

7.8CVSS6.2AI score0.00243EPSS
Exploits0References1
OSV
OSV
added 2024/11/19 2:16 a.m.7 views

UBUNTU-CVE-2024-50283

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3preauthhashrsp ksmbdusersessionput should be called under smb3preauthhashrsp. It will avoid freeing session before calling smb3preauthhashrsp...

7.8CVSS6.5AI score0.00243EPSS
Exploits0References30
Vulnrichment
Vulnrichment
added 2024/11/19 1:30 a.m.6 views

CVE-2024-50283 ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3preauthhashrsp ksmbdusersessionput should be called under smb3preauthhashrsp. It will avoid freeing session before calling smb3preauthhashrsp...

7.2AI score0.00243EPSS
Exploits0References5
OSV
OSV
added 2024/09/18 8:15 a.m.12 views

AZL-49383 CVE-2024-46795 affecting package kernel for versions less than 5.15.167.1-1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...

5.5CVSS6.3AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2024/09/18 8:15 a.m.2 views

DEBIAN-CVE-2024-46795

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...

5.5CVSS5.6AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2024/09/18 8:15 a.m.3 views

UBUNTU-CVE-2024-46795

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...

5.5CVSS6.5AI score0.00276EPSS
Exploits0References18
GithubExploit
GithubExploit
added 2024/05/19 11:14 p.m.430 views

Exploit for Code Injection in Gitlab

CVE-2021-22205 Preauth RCE via exiftool on Gitlab CE/EE...

10CVSS8.9AI score0.99731EPSS
Exploits30
0day.today
0day.today
added 2024/02/05 12:0 a.m.320 views

Juniper SRX Firewalls&EX switches - PreAuth Remote Code Execution Exploit

Exploit Title: juniper-SRX-Firewalls&EX-switches PreAuth-RCE PoC Description: This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo function on the login page of the target device, allowing to inspect the PHP configuration. also this...

9.8CVSS9.8AI score0.93546EPSS
Exploits25
Exploit DB
Exploit DB
added 2024/02/02 12:0 a.m.529 views

Juniper-SRX-Firewalls&EX-switches - (PreAuth-RCE) (PoC)

Exploit Title: juniper-SRX-Firewalls&EX-switches PreAuth-RCE PoC Description: This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo function on the login page of the target device, allowing to inspect the PHP configuration. also this...

9.8CVSS9.8AI score0.93546EPSS
Exploits25
ATTACKERKB
ATTACKERKB
added 2023/11/17 6:15 a.m.3 views

CVE-2023-38320

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a showpreauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing User-Agent header. Triggering this issue results in crashing OpenNDS a Denial-of-Service condition. This problem...

7.5CVSS7.1AI score0.00956EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2023/07/31 5:25 a.m.376 views

Exploit for CVE-2023-38646

Poc-Metabase-Preauth-CVE-2023-38646 Ho to use? λ cve git...

9.8CVSS9.6AI score0.97924EPSS
Exploits36
GithubExploit
GithubExploit
added 2023/07/31 5:25 a.m.360 views

Exploit for CVE-2023-38646

Poc-Metabase-Preauth-CVE-2023-38646 Ho to use? λ cve git...

9.8CVSS9.6AI score0.97924EPSS
Exploits36
GithubExploit
GithubExploit
added 2023/07/31 5:25 a.m.307 views

Exploit for CVE-2023-38646

Poc-Metabase-Preauth-CVE-2023-38646 Ho to use? λ cve git...

9.8CVSS9.6AI score0.97924EPSS
Exploits36
Rows per page
Query Builder