Lucene search
K

53 matches found

NVD
NVD
added 2026/06/18 4:16 a.m.18 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 4:16 a.m.5 views

DEBIAN-CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/18 3:34 a.m.9 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6AI score0.0012EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 3:34 a.m.27 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/18 3:34 a.m.12 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/02 3:27 p.m.2 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: rejecting descriptions of cifs.spnego in user space Descriptions of cifs.spnego keys contain fields that carry authority, such as pid, uid, creduid, and upcalltarget. The cifs.upcall treats these fields as...

7.8CVSS6.4AI score0.00353EPSS
Exploits4References3
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.24 views

Linux Distros Unpatched Vulnerability : CVE-2026-46243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority- bearing fields such as pid, uid, creduid, and upcalltarge...

7.8CVSS6.7AI score0.00353EPSS
Exploits4References3
NVD
NVD
added 2026/06/01 5:17 p.m.47 views

CVE-2026-46243

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

7.8CVSS0.00353EPSS
Exploits4References43
Vulnrichment
Vulnrichment
added 2026/06/01 4:22 p.m.13 views

CVE-2026-46243 smb: client: reject userspace cifs.spnego descriptions

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

7.1CVSS5.8AI score0.00353EPSS
Exploits4References8
EUVD
EUVD
added 2026/06/01 4:22 p.m.15 views

EUVD-2026-33668

In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcalltarget that cifs.upcall treats as kernel-originating inputs. However,...

7.8CVSS5.8AI score0.00353EPSS
Exploits4References8
CVE
CVE
added 2026/06/01 4:22 p.m.357 views

CVE-2026-46243

The CVE-2026-46243 entry concerns the Linux kernel CIFS client. It fixes a bug where cifs.spnego key descriptions could be created by userspace (via request_key(2) or add_key(2)) and include fields (pid, uid, creduid, upcall_target) that are treated as kernel-origin inputs. The fix restricts acce...

7.8CVSS5.8AI score0.00353EPSS
Exploits4References43Affected Software1
Snyk
Snyk
added 2026/05/25 11:19 p.m.12 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect in handling shiroSavedRequest cookies, which use unprotected/unencrypted values for SAVEDREQUESTKEY. An authenticated user can cause the server to make blind HTTP GET requests to arbitrary URLs or redirect users to untrust...

5.4CVSS5.9AI score0.00383EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.31 views

PT-2026-45478

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 7.0.11 Linux kernel versions prior to 6.18.34 Linux kernel versions prior to 6.12.92 Linux kernel versions prior to 6.6.142 Linux kernel versions prior to 6.1.175 Linux kernel versions prior to 5.15.209 Linux...

7.8CVSS6.8AI score0.00353EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003336)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003336 advisory. The keyringsearchaux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service NULL pointer dereference...

5.5CVSS6.5AI score0.00385EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001193 advisory. The keyringsearchaux function in security/keys/keyring.c in the Linux kernel through 3.14.79 allows local users to cause a denial of service NULL pointer dereference...

5.5CVSS6.5AI score0.00385EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2025/12/18 12:24 a.m.4 views

SUSE CVE-2025-68299

In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by...

6.7AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2025/12/16 4:16 p.m.7 views

CVE-2025-68299

In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by...

0.00176EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2025/12/16 4:16 p.m.3 views

CVE-2025-68299

In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by...

5.7AI score0.00176EPSS
Exploits0References10
OSV
OSV
added 2025/12/16 4:16 p.m.4 views

UBUNTU-CVE-2025-68299

In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by...

5.7AI score0.00176EPSS
Exploits0References11
OSV
OSV
added 2025/12/16 3:6 p.m.6 views

CVE-2025-68299 afs: Fix delayed allocation of a cell's anonymous key

In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by...

6.6AI score0.00176EPSS
Exploits0References5
Rows per page
Query Builder