CVE-2026-1933
- EPSS 0.86%
- Veröffentlicht 27.05.2026 12:28:44
- Zuletzt bearbeitet 03.07.2026 13:16:58
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point m...
CVE-2026-2340
- EPSS 0.94%
- Veröffentlicht 27.05.2026 12:09:32
- Zuletzt bearbeitet 02.07.2026 20:17:02
A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an...
CVE-2026-3012
- EPSS 0.26%
- Veröffentlicht 27.05.2026 10:02:21
- Zuletzt bearbeitet 03.07.2026 13:17:10
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without prop...
CVE-2026-48864
- EPSS 0.21%
- Veröffentlicht 26.05.2026 16:16:07
- Zuletzt bearbeitet 09.07.2026 16:16:41
A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, ...
CVE-2026-4480
- EPSS 12.8%
- Veröffentlicht 26.05.2026 13:56:32
- Zuletzt bearbeitet 30.06.2026 03:20:33
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remot...
CVE-2026-9149
- EPSS 0.29%
- Veröffentlicht 20.05.2026 23:34:56
- Zuletzt bearbeitet 27.06.2026 00:16:49
A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv` function. This leads to an undersized memory allocation and a ...
CVE-2026-9150
- EPSS 0.4%
- Veröffentlicht 20.05.2026 23:16:36
- Zuletzt bearbeitet 29.06.2026 17:16:30
A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit this by providing malicious SHA384 or SHA51...
CVE-2026-9064
- EPSS 0.82%
- Veröffentlicht 20.05.2026 09:00:42
- Zuletzt bearbeitet 30.06.2026 03:21:45
A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request c...
CVE-2026-42009
- EPSS 1.34%
- Veröffentlicht 18.05.2026 12:44:45
- Zuletzt bearbeitet 08.07.2026 13:16:42
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle...
CVE-2026-42010
- EPSS 1.05%
- Veröffentlicht 07.05.2026 12:16:17
- Zuletzt bearbeitet 08.07.2026 13:16:42
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted...