Lucene search
K

1784 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Corrected the incorrect validation of the next buffer length in smb2setea. There are multiple smb2eainfo buffers in the FILEFULLEAINFORMATION request from the client. ksmbd uses the NextEntryOffset of the current...

5.5CVSS6AI score0.00224EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed a potential Use-after-Free UAF in cifsdumpfullkey. Skipped sessions that are being terminated status == SESEXITING to avoid UAF...

7.8CVSS6.2AI score0.00237EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to unset link speed It isn’t guaranteed that NETWORKINTERFACEINFO::LinkSpeed will always be set by the server. Therefore, the client must handle any possible values and prevent such oopses from occurring...

5.5CVSS6.3AI score0.00167EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: fixed a small mempool leak in SMB2negotiate. In some cases of failures dialect mismatches in SMB2negotiate, after the request is sent, the checks would return -EIO. Instead, it should return rc = -EIO and then jump to negex...

5.5CVSS6.2AI score0.00146EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: smb: Client: Fixed a use-after-free in cifsoplockbreak. A race condition can occur in cifsoplockbreak, leading to a use-after-free of the cinode structure when unmounting: c cifsoplockbreak cifsFileInfoputcfile cifsFileInfoputfin...

7.8CVSS5.8AI score0.0015EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb3: Fixed temporary data corruption during the insert range operation. The insert range does not discard the affected cached data; therefore, there is a risk of temporarily corrupting file data. Some minor optimizations were...

3.3CVSS6.2AI score0.00195EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A use-after-free issue was fixed in smbbreakalllevIIoplock. There is a section within smbbreakalllevIIoplock that can cause race conditions when unlocking during the loop. This patch uses a read lock to protect the entire...

7CVSS6.2AI score0.00143EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevents out-of-bounds stream writes by validating pos. The ksmbdvfsstreamwrite function did not validate whether the write offset pos was within the bounds of the existing stream data length vlen. If pos was greater than ...

7.8CVSS6.2AI score0.00204EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: A use-after-free issue was fixed in ksmbdsessionrpcopen. A UAF Use-After-Free issue may occur due to a race condition between ksmbdsessionrpcopen and sessionrpcclose. Adding a rpclock to the session can help protect it...

7.8CVSS6.4AI score0.00195EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Samba

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions, when the Samba VFS module “aclxattr” is configured with “aclxattr:ignore system acls = yes”. The SMB protocol allows opening files when the client requests read-only...

6.5CVSS6.7AI score0.01174EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: Client: Fixed an error in parsing OOB read responses for symlinks. When a CREATE command returns STATUSSTOPPEDONSYMLINK, the smb2checkmessage function returns success without performing any length validation. As a result,...

8.1CVSS6.5AI score0.00378EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: The rcubarrier function was called in ksmbdserverexit. The bug is triggered due to racing between closing a connection and the rmmod operation. In ksmbd, rcubarrier is not called at the time of module unloading, so nothing...

5.5CVSS5.5AI score0.00157EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/17 10:29 p.m.7 views

CVE-2026-48818

A flaw was found in Starlette, a lightweight ASGI framework. On Windows systems, the StaticFiles component is vulnerable to Server-Side Request Forgery SSRF. A remote attacker can exploit this by providing a specially crafted Universal Naming Convention UNC path, which causes the system to initia...

7.5CVSS5AI score0.00277EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 12:5 p.m.8 views

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

7.8CVSS5.4AI score0.0031EPSS
Exploits4References7
RedHat Linux
RedHat Linux
added 2026/06/17 9:22 a.m.5 views

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

7.8CVSS5.3AI score0.0031EPSS
Exploits4References7
RedHat Linux
RedHat Linux
added 2026/06/17 6:53 a.m.4 views

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

7.8CVSS5.3AI score0.0031EPSS
Exploits4References7
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50000

Name of the Vulnerable Software and Affected Versions Oracle JD Edwards EnterpriseOne General Ledger version 9.2 Description A flaw in the E1 Foundation component allows a low-privileged attacker with network access via SMB Server Message Block, a network file sharing protocol to compromise the...

9.9CVSS5.8AI score0.00301EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/15 8:16 p.m.9 views

Server-side Request Forgery (SSRF)

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the StaticFiles file on Windows systems when handling UNC paths. An attacker can obtain NTLMv2 credentials of the service account by sending a...

8.8CVSS5.4AI score0.00277EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 5:18 p.m.9 views

External Control of File Name or Path

Overview org.webjars.npm:launch-editor is a launch editor from node.js Affected versions of this package are vulnerable to External Control of File Name or Path in the handling of UNC paths on Windows systems. An attacker can obtain NTLMv2 password hashes by tricking a user into accessing a...

8.3CVSS5.3AI score0.00322EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 5:11 p.m.3 views

SUSE-SU-2026:22137-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths bsc1248235. - CVE-2025-68324: scsi: imm: Fix use-after-free bug cause...

9.8CVSS5.6AI score0.93235EPSS
Exploits40References208
Rows per page
Query Builder