16 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate. krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that...
Linux Distros Unpatched Vulnerability : CVE-2025-37924
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix use-after-free in kerberos authentication. Setting sess->user = NULL was introduced to fix the dangling pointer created by ksmbd_free_user. However, it i...
SUSE CVE-2025-37899
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in session logoff. The sess->user object can currently be in use by another thread, for example if another connection has sent a session setup request to bind to the session being free'd. The handler for...
DEBIAN-CVE-2025-37924
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in kerberos authentication. Setting sess->user = NULL was introduced to fix the dangling pointer created by ksmbd_free_user. However, it is possible another thread could be operating on the session and make...
CVE-2025-37778
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate. krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that...
DEBIAN-CVE-2025-37778
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate. krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that...
UBUNTU-CVE-2025-37778
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix dangling pointer in krb_authenticate. krb_authenticate frees sess->user and does not set the pointer to NULL. It calls ksmbd_krb5_authenticate to reinitialise sess->user but that function may return without doing so. If that...
PT-2025-22186
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free issue in the Linux kernel's ksmbd component, related to Kerberos authentication, has been identified. The problem arises when another thread operates on a session and us...
PT-2025-18459
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A dangling pointer issue in the krb_authenticate function has been identified. The krb_authenticate function frees sess->user but does not set the pointer to NULL. It then calls ksmbd krb...
CVE-2023-44293
In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance between v5.10.00.00 and v5.18.00.00, a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially le...
PT-2023-3671
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.4. Description: The issue is related to the function session_user in the fs/ksmbd/smb2pdu.c module of the Linux kernel's KSMBD file system. It involves an out-of-bounds read due to improper checking of the...
[SECURITY] Fedora 28 Update: PackageKit-1.1.10-1.fc28
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distro, cross-architecture API...
Tenable Appliance Arbitrary Command Execution Vulnerability
Tenable Appliance is a browser management program developed by Tenable Network Security. An arbitrary command execution vulnerability exists in Tenable Appliance versions 3.5 through 4.4.0. A remote attacker can inject arbitrary commands by manipulating the tns_appliance_session_user parameter...
Samba Unicode Filename Buffer Overflow (CVE-2004-0882)
A vulnerability has been reported in the way Samba handles file information requests. A malformed request can trick the server into overflowing an incorrectly allocated buffer while generating a response. If certain conditions are met, an attacker can exploit this vulnerability to execute malicio...
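PHPEMS: horizontal privilege issues in multiple places
Brief description: PHPEMS has horizontal privilege issues in multiple places. Details: 7. Multiple logic flaws lead to horizontal privilege issues. Phems has horizontal privilege issues in many places, because eliminating this problem requires every database operation to carry sessionuser, but the phems programmers were very uncooperative, which led to horizontal privilege issues in many places. I reviewed the code in /app/exam/app.php and list the specific problems found as follows: 1. Around line 2108 //delete a wrong-answer record// horizontal privilege vulnerability case 'delrecord': $recordid = $this->ev->get('questionid'); $this->favor->delRecord($recordid);...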
TCExam <= 4.0.011 (SessionUserLang) Shell Injection Exploit
No description provided by source. <?php print_r(' -------------------------------------------------------------------------- TCExam <= 4.0.011 $_COOKIE[SessionUserLang] shell injection exploit by rgod mail: retrog at alice dot it site: http://retrogod.altervista.org...