Lucene search
+L

68 matches found

Ubuntu
Ubuntu
added 2026/05/26 1:32 p.m.20 views

USN-8306-1: Samba vulnerabilities

Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacker could possibly use this issue to modify reparse point extended attributes on files that should have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS...

9.8CVSS6.2AI score0.12797EPSS
Exploits9
OSV
OSV
added 2026/05/26 1:32 p.m.16 views

USN-8306-1 samba vulnerabilities

Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacker could possibly use this issue to modify reparse point extended attributes on files that should have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS...

9.8CVSS6.2AI score0.12797EPSS
Exploits9References7
SUSE Linux
SUSE Linux
added 2026/05/26 12:36 p.m.19 views

Security update for samba

This update for samba fixes the following issues Security issues: CVE-2026-1933: Missing access check on reparse point operations bsc1261188. CVE-2026-2340: vfsworm does not block directory modification bsc1261158. CVE-2026-3012: group policy certificate enrollment uses http: // without validatio...

10CVSS5.9AI score0.12797EPSS
Exploits9References30
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.26 views

PT-2026-43437

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the vfs worm module, which is designed to provide write-once, read-many WORM protections by preventing file modifications after a specific grace period. Due to insufficient...

7.5CVSS5.8AI score0.02669EPSS
Exploits0References85
UbuntuCve
UbuntuCve
added 2026/05/26 12:0 a.m.14 views

CVE-2026-1933

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS6.9AI score0.00862EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43436

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users who possess underlying filesyst...

7.5CVSS5.8AI score0.00939EPSS
Exploits0References87
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.21 views

PT-2026-43438

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the handling of certificate auto-enrollment Group Policy. When this feature is enabled, Samba may retrieve a CA certificate via an unencrypted HTTP connection and install it in...

8CVSS5.8AI score0.02669EPSS
Exploits0References103
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.31 views

PT-2026-43439

Name of the Vulnerable Software and Affected Versions ctdb versions prior to 4.23.8+git.477.f78166bceed-1.1 Description A denial of service issue exists against the AD DC WINS server. Recommendations Update to version 4.23.8+git.477.f78166bceed-1.1...

7.8CVSS5.4AI score0.02669EPSS
Exploits0References47
OSV
OSV
added 2026/05/26 12:0 a.m.7 views

UBUNTU-CVE-2026-1933

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.7AI score0.00862EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/05 3:30 p.m.8 views

EUVD-2026-9822

Avira Internet Security contains a time-of-check time-of-use TOCTOU vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target...

8.5CVSS6AI score0.00102EPSS
Exploits0References5
NVD
NVD
added 2026/03/05 3:16 p.m.9 views

CVE-2026-27748

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...

7.8CVSS0.00179EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/05 2:15 p.m.34 views

CVE-2026-27748 Avira Internet Security Arbitrary File Deletion via Improper Link Resolution

Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\ProgramData without validating whether the path resolves through a symbolic link or reparse point...

7.8CVSS0.00179EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/01 12:17 p.m.20 views

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...

7CVSS7.7AI score0.0014EPSS
Exploits1References1
NVD
NVD
added 2025/12/31 4:15 p.m.7 views

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...

7CVSS0.0014EPSS
Exploits1References1
OSV
OSV
added 2025/12/31 4:15 p.m.5 views

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...

7CVSS6.3AI score0.0014EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/31 12:0 a.m.3 views

CVE-2025-61037

A local privilege escalation vulnerability exists in SevenCs ORCA G2 2.0.1.35 EC2007 Kernel v5.22. The flaw is a Time-of-Check Time-of-Use TOCTOU race condition in the license management logic. The regService process, which runs with SYSTEM privileges, creates a fixed directory and writes files...

7.4AI score0.0014EPSS
Exploits1References1
CVE
CVE
added 2025/12/31 12:0 a.m.22 views

CVE-2025-61037

SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22) is affected by a local TOCTOU race in the license management logic. The regService process (SYSTEM) creates a fixed directory and writes files without verifying NTFS reparse points; an attacker can race to replace the directory with a junction to a u...

7CVSS7.4AI score0.0014EPSS
Exploits1References1Affected Software2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-20956

Malicious code in bioql PyPI...

7.8CVSS6.6AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:26 a.m.7 views

CVE-2024-23458

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows 4.2.0.190...

7.8CVSS6.8AI score0.00115EPSS
Exploits0References1
NVD
NVD
added 2024/08/06 4:15 p.m.25 views

CVE-2024-23458

While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows 4.2.0.190...

7.8CVSS0.00115EPSS
Exploits0References1
Rows per page
Query Builder