UBUNTU-CVE-2026-4408

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

SUSE CVE-2026-31937

Suricata is a network IDS, IPS and NSM engine. Prior to version 7.0.15, inefficiency in DCERPC buffering can lead to a performance degradation. This issue has been patched in version 7.0.15...

UBUNTU-CVE-2026-22258

Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading to memory exhaustion and the process getting killed. While reported for DCERPC over UDP, it is believed that DCERPC over TCP and SMB...

CVE-2026-20026

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerabili...

CVE-2026-20027

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerabili...

CVE-2026-20026 Multiple Cisco Products Snort 3 DCERPC Vulnerabilities

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerabili...

CVE-2026-20027 Cisco Snort DCERPC Stub Data Out of Bounds Read

Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, resulting in an interruption of packet inspection. This vulnerabili...

Multiple Cisco Products Snort 3 Distributed Computing Environment/Remote Procedure Call Vulnerabilities

Multiple Cisco products are affected by vulnerabilities in the processing of Distributed Computing Environment Remote Procedure Call DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, which would...

Cisco Secure Firewall Threat Defense和Cisco UTD SNORT IPS Engine Software 信息泄露漏洞

Cisco Secure Firewall Threat Defense and Cisco UTD SNORT IPS Engine Software are both products of Cisco, Inc.Cisco Secure Firewall Threat Defense is an integrated firewall platform. Cisco UTD SNORT IPS Engine Software is an intrusion detection and defense engine. An information disclosure...

PT-2026-2046

Name of the Vulnerable Software and Affected Versions Cisco Snort affected versions not specified Description A flaw exists in the processing of DCE/RPC requests that may allow a remote, unauthenticated attacker to cause the Snort 3 Detection Engine to leak sensitive information or restart, leadi...

CVE-2021-23192

...

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure VMware vCenter Server allows a perpetrator to execute arbitrary code.

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure, VMware vCenter Server, arises due to a buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted network packet remotely...

[SECURITY] Fedora 39 Update: perl-Data-UUID-1.227-1.fc39

This module provides a framework for generating v3 UUIDs Universally Unique Identifiers, also known as GUIDs Globally Unique Identifiers. A UUID is 128 bits long, and is guaranteed to be different from all other UUIDs/GUIDs generated until 3400 CE. UUIDs were originally used in the Network...

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure VMware vCenter Server allows a attacker to cause a service failure.

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure, such as VMware vCenter Server, is caused by a buffer overflow in memory. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure VMware vCenter Server allows a attacker to cause service failures or execute arbitrary code.

The vulnerability of the DCERPC protocol implementation in the software for managing virtual infrastructure, VMware vCenter Server, is caused by a buffer overflow in memory. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...

The vulnerability of the DCE/RPC process callaway system for operating systems like MacOS allows a perpetrator to execute arbitrary code.

The vulnerability of the DCE/RPC process callouts system for MacOS operating systems relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

AZL-8903 CVE-2021-23192 affecting package samba 4.12.5-7

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-13059)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. The vulnerability can be exploited to allow a remote privileged user to compute...

samba: Subsequent DCE/RPC fragment injection vulnerability

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

UBUNTU-CVE-2021-3738

In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...