Overview
Description
Statistics
- 1 Post
- 2 Interactions
Fediverse
Davide Ornaghi and Giuseppe Caruso found a very interesting bug in #Linux's in-kernel Samba3 server from 6.12 to 6.19.x. Essentially, from the commit message and #CVE description:
> Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to hijack an orphaned durable handle by predicting or brute-forcing the persistent ID.
Very interesting stuff! The kernel lets users resume their connection to an open file even after WiFi drops (durable handle), and a bug in this code let another authenticated user become this WiFi-dropped user, letting the hijacker access all files.
https://github.com/TurtleARM/CVE-2026-31717-KSMBD-Exploit
CVE-2026-31717
Overview
Description
Statistics
- 1 Post
- 1 Interaction
Fediverse
This kernel vulnerability looks interesting to look at.
crypto: caam - fix overflow on long hmac keys
VLAI Severity -> High (confidence: 0.9638)
Overview
- DrayTek
- Vigor 2960
Description
Statistics
- 1 Post
- 1 Interaction
Overview
- anthropics
- claude-code
Description
Statistics
- 1 Post
- 1 Interaction
Overview
- Go standard library
- html/template
Description
Statistics
- 1 Post
Overview
- Termix-SSH
- Termix
Description
Statistics
- 1 Post
Fediverse
⚠️ CRITICAL: CVE-2026-42454 in Termix-SSH (<2.1.0) enables authenticated users to inject OS commands via the containerId parameter, risking remote code execution on managed servers. Patch to 2.1.0 ASAP! https://radar.offseq.com/threat/cve-2026-42454-cwe-78-improper-neutralization-of-s-f64f9d23 #OffSeq #Vuln #CVE202642454 #InfoSec
Overview
- Go standard library
- net
Description
Statistics
- 1 Post
Overview
- Go standard library
- net
Description
Statistics
- 1 Post