CVE-2024-53095

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload runs on Kubernetes, and some pods mount CIFS servers in non-root...

CVE-2024-53095

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload runs on Kubernetes, and some pods mount CIFS servers in non-root...

CVE-2024-53095

CVE-2024-53095 – Linux kernel SMB CIFS client UAF Issue: The CIFS/SMB client in the Linux kernel can use-after-free the network namespace (netns) when sockets are freed after the netns lifetime, triggering oopses during reconnect in Kubernetes pods that mount CIFS shares in non-root netns. Root c...

CVE-2024-53095 smb: client: Fix use-after-free of network namespace.

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. 0 The workload runs on Kubernetes, and some pods mount CIFS servers in non-root...

Stored XSS

Description Due to insufficient validation of uploaded files - bad actors can upload malicious SVG file with XSS payload. That leads to Stored XSS. Because accessToken cookie has valid HttpOnly flag, can not take victims cookie there in this way, but please keep in mind that XSS in general is abo...

Nextcloud: Code injection possible with malformed Nextcloud Talk chat commands

Summary The Nextcloud Talk app allows system administrators to setup chat commands that can be executed in Talk using the "/command" syntax. Users can provide additional arguments to the commands, such as "/calc 1+1" or "/wiki Hello", which are passed to the underlying script using @exec. If...