Lucene search
K

206 matches found

OSV
OSV
added 2023/07/19 12:0 a.m.3 views

UBUNTU-CVE-2023-3347

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, suc...

5.9CVSS6.7AI score0.0039EPSS
Exploits0References4
Citrix
Citrix
added 2023/07/13 12:0 a.m.11 views

MS KB5014754 - Audit events found for FAS

As Per the Microsoft KB linked below, we have found audit events on our domain controllers that indicate we will be impacted when this change is enforced. We need the remediation steps, so we can implement them before we're impacted...

7AI score
Exploits0
Kitploit
Kitploit
added 2023/06/24 12:30 p.m.23 views

msLDAPDump - LDAP Enumeration Tool

msLDAPDump simplifies LDAP enumeration in a domain environment by wrapping the lpap3 library from Python in an easy-to-use interface. Like most of my tools, this one works best on Windows. If using Unix, the tool will not resolve hostnames that are not accessible via eth0 currently. Binding...

7.3AI score
Exploits0References4
The Hacker News
The Hacker News
added 2023/06/19 9:33 a.m.3 views

State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments

Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques. "The main goal of the attacks was to obtain highly confidential and sensiti...

8.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/19 9:33 a.m.64 views

State-Backed Hackers Employ Advanced Methods to Target Middle Eastern and African Governments

Governmental entities in the Middle East and Africa have been at the receiving end of sustained cyber-espionage attacks that leverage never-before-seen and rare credential theft and Exchange email exfiltration techniques. "The main goal of the attacks was to obtain highly confidential and sensiti...

8.4AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/06/05 11:14 a.m.10 views

The Software-Defined Car

Developers are starting to talk about the software-defined car. For decades, features have accumulated like cruft in new vehicles: a box here to control the antilock brakes, a module there to run the cruise control radar, and so on. Now engineers and designers are rationalizing the way they go...

7.3AI score
Exploits0
Microsoft KB
Microsoft KB
added 2023/04/11 7:0 a.m.299 views

April 11, 2023—KB5025230 (OS Build 20348.1668)

April 11, 2023—KB5025230 OS Build 20348.1668 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when...

9.8CVSS8.1AI score0.95454EPSS
Exploits31
OSV
OSV
added 2023/03/06 11:15 p.m.8 views

AZL-25602 CVE-2022-45141 affecting package samba 4.12.5-7

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...

9.8CVSS6.5AI score0.00454EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.35 views

K21595932: Samba vulnerability CVE-2018-1057

Security Advisory Description On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service...

8.8CVSS7.4AI score0.10308EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.3 views

SUSE CVE-2019-14902

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers...

5.4CVSS9.2AI score0.01521EPSS
Exploits0References7
CNNVD
CNNVD
added 2023/01/10 12:0 a.m.4 views

Microsoft Windows Netlogon 安全漏洞

Microsoft Windows Netlogon is an important component of Windows from Microsoft Corporation USA, whose main functions are authentication of users and machines on intra-domain networks and replication of databases for domain-controlled backups, as well as maintenance of domain member-to-domain,...

7.5CVSS7.5AI score0.01978EPSS
Exploits0References5
OSV
OSV
added 2023/01/06 11:4 a.m.2 views

OESA-2023-1016 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DC...

9.8CVSS6.7AI score0.00454EPSS
Exploits0References2
OSV
OSV
added 2023/01/06 11:4 a.m.3 views

OESA-2023-1018 samba security update

Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DC...

9.8CVSS6.7AI score0.02772EPSS
Exploits0References3
OSV
OSV
added 2022/12/16 12:0 a.m.3 views

UBUNTU-CVE-2022-45141

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption...

9.8CVSS6.6AI score0.00454EPSS
Exploits0References7
Microsoft KB
Microsoft KB
added 2022/11/17 12:0 a.m.5 views

KB5021657: Out-of-band update for Windows Server 2008 SP2: November 17, 2022

KB5021657: Out-of-band update for Windows Server 2008 SP2: November 17, 2022 Summary This update includes improvements for the following issue: Addresses a known issue that affects Windows Servers that have the Domain Controller DC role. They might have Kerberos authentication issues if both of t...

6.8AI score
Exploits0
Microsoft KB
Microsoft KB
added 2022/11/17 12:0 a.m.3 views

November 17, 2022—KB5021655 (OS Build 17763.3653) Out-of-band

November 17, 2022—KB5021655 OS Build 17763.3653 Out-of-band 10/11/22 REMINDER As of September 20, 2022, there are no more optional, non-security preview releases for the 2019 LTSC editions and Windows Server 2019. Only cumulative monthly security updates known as the "B" or Update Tuesday release...

7.5AI score
Exploits0
Microsoft KB
Microsoft KB
added 2022/11/17 12:0 a.m.7 views

KB5021653: Out-of-band update for Windows Server 2012 R2: November 17, 2022

KB5021653: Out-of-band update for Windows Server 2012 R2: November 17, 2022 Summary This update includes improvements for the following issue: Addresses a known issue that affects Windows Servers that have the Domain Controller DC role. They might have Kerberos authentication issues if both of th...

6.8AI score
Exploits0
Microsoft KB
Microsoft KB
added 2022/11/17 12:0 a.m.4 views

November 17, 2022—KB5021656 (OS Build 20348.1251) Out-of-band

November 17, 2022—KB5021656 OS Build 20348.1251 Out-of-band 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B”...

7.5AI score
Exploits0
Kitploit
Kitploit
added 2022/06/20 9:30 p.m.33 views

SharpSniper - Find Specific Users In Active Directory Via Their Username And Logon IP Address

Often a Red Team engagement is more than just achieving Domain Admin. Some clients will want to see if specific users in the domain can be compromised, for example the CEO. SharpSniper is a simple tool to find the IP address of these users so that you can target their box. It requires that you ha...

7.3AI score
Exploits0References1
OSV
OSV
added 2022/06/14 10:15 p.m.3 views

CVE-2022-32230

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death BSOD crash of the Windows kernel. For most...

7.5CVSS7.3AI score0.06977EPSS
Exploits1References4
Rows per page
Query Builder