Lucene search
+L

285 matches found

Github Security Blog
Github Security Blog
added 2026/06/18 9:9 p.m.18 views

PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks

Summary JWSVerifier::getAlgorithm in src/Library/Signature/JWSVerifier.php line 144 merges protected and unprotected headers using PHP's spread operator: php $completeHeader = ...$signature-getProtectedHeader, ...$signature-getHeader; In PHP, when spreading arrays with duplicate string keys, the...

5.4AI score
Exploits0References3Affected Software4
OSV
OSV
added 2026/06/10 4:47 p.m.9 views

USN-8306-2 samba vulnerabilities

USN-8306-1 fixed vulnerabilities in Samba. This update provides the corresponding updates for CVE-2026-3238, CVE-2026-4408, and CVE-2026-4480 in Ubuntu 20.04 LTS. Original advisory details: Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point...

9.8CVSS6.2AI score0.12797EPSS
Exploits9References4
OSV
OSV
added 2026/06/08 9:16 a.m.10 views

ALPINE-CVE-2026-3238

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5CVSS5.5AI score0.02669EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 9:16 a.m.21 views

CVE-2026-3238

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5CVSS0.02669EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:34 a.m.7 views

CVE-2026-3238

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5CVSS5.4AI score0.02669EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/08 7:34 a.m.9 views

CVE-2026-3238 Samba: denial of service against ad dc wins server

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5CVSS5.4AI score0.02669EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/08 7:34 a.m.59 views

CVE-2026-3238 Samba: denial of service against ad dc wins server

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5CVSS0.02669EPSS
Exploits0References3
CVE
CVE
added 2026/06/08 7:34 a.m.50 views

CVE-2026-3238

CVE-2026-3238 affects Samba’s WINS server in AD DCs, where unauthenticated UDP packets can trigger a NULL pointer dereference and crash the WINS service. Public details confirm the issue is a denial of service vector; no exploit details are provided in the documents. Remediation publicly document...

7.5CVSS5.4AI score0.02669EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 3:49 p.m.10 views

OESA-2026-2577 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: '-------- Forwarded Message --------', 'Date: Tue, 26 May 2026 14:29:50 +0200', 'Reply-To: Stefan Metzmacher metze samba org', 'Release Announcements\n---------------------\n\nThis is a security release ...

9.8CVSS6.5AI score0.12797EPSS
Exploits9References4
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.37 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Samba vulnerabilities (USN-8306-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8306-1 advisory. Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacke...

9.8CVSS6.2AI score0.12797EPSS
Exploits9References7
Ubuntu
Ubuntu
added 2026/05/26 1:32 p.m.20 views

USN-8306-1: Samba vulnerabilities

Asim Viladi Oglu Manizada discovered that Samba incorrectly handled access checks on reparse point operations. An attacker could possibly use this issue to modify reparse point extended attributes on files that should have been read-only. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS...

9.8CVSS6.2AI score0.12797EPSS
Exploits9
OSV
OSV
added 2026/05/26 12:0 a.m.15 views

UBUNTU-CVE-2026-3238

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5CVSS5.3AI score0.02669EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/26 12:0 a.m.12 views

CVE-2026-3238

A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer dereference and crash the...

7.5CVSS6.9AI score0.02669EPSS
Exploits0References3
Samba
Samba
added 2026/05/26 12:0 a.m.14 views

Denial of service against AD DC WINS server

Description The Windows Internet Naming Service 1 is an unauthenticated service for registering and looking up names in a NetBIOS network running on TCP and UDP 2. The protocol handlers for the RELEASE and MULTIHOMEREG packets in the WINS server running when Samba is configured as an Active...

7.5CVSS5.8AI score0.02669EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-3238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba's WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types di...

7.5CVSS5.5AI score0.02669EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43436

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users who possess underlying filesyst...

7.5CVSS5.8AI score0.00939EPSS
Exploits0References87
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.30 views

PT-2026-43439

Name of the Vulnerable Software and Affected Versions ctdb versions prior to 4.23.8+git.477.f78166bceed-1.1 Description A denial of service issue exists against the AD DC WINS server. Recommendations Update to version 4.23.8+git.477.f78166bceed-1.1...

7.8CVSS5.4AI score0.02669EPSS
Exploits0References47
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.21 views

PT-2026-43438

Name of the Vulnerable Software and Affected Versions Samba affected versions not specified Description A flaw exists in the handling of certificate auto-enrollment Group Policy. When this feature is enabled, Samba may retrieve a CA certificate via an unencrypted HTTP connection and install it in...

8CVSS5.8AI score0.02669EPSS
Exploits0References103
OSV
OSV
added 2026/05/16 12:52 a.m.13 views

MGASA-2026-0142 Updated samba packages fix security vulnerabilities

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. CVE-2018-14628 Command injection in wins server hook...

10CVSS6.8AI score0.40121EPSS
Exploits3References3
Mageia
Mageia
added 2026/05/16 12:52 a.m.17 views

Updated samba packages fix security vulnerabilities

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. CVE-2018-14628 Command injection in wins server hook...

10CVSS6.8AI score0.40121EPSS
Exploits3References2
Rows per page
Query Builder