CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

Linux Distros Unpatched Vulnerability : CVE-2026-46243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority- bearing fields such as pid, uid, creduid, and upcalltarge...

CVE-2026-46243

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

CVE-2026-46243

The CVE-2026-46243 entry concerns the Linux kernel CIFS client. It fixes a bug where cifs.spnego key descriptions could be created by userspace (via request_key(2) or add_key(2)) and include fields (pid, uid, creduid, upcall_target) that are treated as kernel-origin inputs. The fix restricts acce...

CVE-2026-46243 smb: client: reject userspace cifs.spnego descriptions

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

EUVD-2026-33668

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in handling shiroSavedRequest cookies, which use unprotected/unencrypted values for SAVEDREQUESTKEY. An authenticated user can cause the server to make blind HTTP GET requests to arbitrary URLs or redirect users to untrust...

PT-2026-45478

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11 Linux kernel versions prior to 6.18.34 Linux kernel versions prior to 6.12.92 Linux kernel versions prior to 6.6.142 Linux kernel versions prior to 6.1.175 Linux kernel versions prior to 5.15.209 Linux...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003336)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003336 advisory. The keyringsearchaux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service NULL pointer dereference...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001193 advisory. The keyringsearchaux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service NULL pointer dereference...

SUSE CVE-2025-68299

In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by...

CVE-2025-68299

In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by...

CVE-2025-68299

In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by...

UBUNTU-CVE-2025-68299

In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by...

CVE-2025-68299 afs: Fix delayed allocation of a cell's anonymous key

In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by...

PT-2025-51703

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the allocation of a cell's anonymous key within the AFS Andrew File System subsystem. Specifically, the issue arises from delayed allocation ...

EUVD-2016-3595

Malware in sbrugna...