Lucene search
K

223 matches found

RedhatCVE
RedhatCVE
added 2023/10/11 11:12 a.m.39 views

CVE-2023-4091

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "aclxattr" is configured with "aclxattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only acces...

6.5CVSS6.9AI score0.01174EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/10/11 1:48 a.m.3 views

SUSE CVE-2023-4091

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "aclxattr" is configured with "aclxattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only acces...

6.5CVSS6.7AI score0.01174EPSS
Exploits0References13
OpenVAS
OpenVAS
added 2023/10/11 12:0 a.m.22 views

Samba File Truncation Vulnerability (CVE-2023-3347)

Samba is prone to a file truncation vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba"; ifdescription...

6.5CVSS7AI score0.01174EPSS
Exploits0References2
OSV
OSV
added 2023/10/10 3:1 p.m.5 views

USN-6425-1 samba vulnerabilities

Sri Nagasubramanian discovered that the Samba aclxattr VFS module incorrectly handled read-only files. When Samba is configured to ignore system ACLs, a remote attacker could possibly use this issue to truncate read-only files. CVE-2023-4091 Andrew Bartlett discovered that Samba incorrectly handl...

7.5CVSS6.8AI score0.01723EPSS
Exploits0References5
OSV
OSV
added 2023/10/10 12:0 a.m.3 views

UBUNTU-CVE-2023-4091

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "aclxattr" is configured with "aclxattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only acces...

6.5CVSS6.8AI score0.01174EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2023/10/10 12:0 a.m.39 views

CVE-2023-4091

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "aclxattr" is configured with "aclxattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only acces...

6.5CVSS6.8AI score0.01174EPSS
Exploits0References4
Samba
Samba
added 2023/10/10 12:0 a.m.44 views

SMB clients can truncate files with

Description The SMB protocol allows opening files where the client requests read-only access, but then implicitly truncating the opened file if the client specifies a separate OVERWRITE create disposition. This operation requires write access to the file, and in the default Samba configuration th...

6.5CVSS6.7AI score0.01174EPSS
Exploits0
FreeBSD
FreeBSD
added 2023/10/03 12:0 a.m.26 views

FreeBSD -- msdosfs data disclosure

Problem Description: In certain cases using the truncate or ftruncate system call to extend a file size populates the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. Impact: A user with write access to files on a msdosfs file system may ...

6.5CVSS6.9AI score0.00535EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/09/27 12:0 a.m.25 views

Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2023-013 (ALASFIREFOX-2023-013)

The version of firefox installed on the remote host is prior to 102.7.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2023-013 advisory. Mozilla developers and community members Julian Hector, Randell Jesup, Gabriele Svelto, Tyson Smith, Christian...

9.8CVSS8.5AI score0.23941EPSS
Exploits2References36
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.43 views

Oracle Linux 6 / 7 : php54 (ELSA-2015-1066)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1066 advisory. - fix use after free CVE-2015-1351 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note tha...

10CVSS7.2AI score0.53166EPSS
Exploits43References29
Positive Technologies
Positive Technologies
added 2023/08/02 12:0 a.m.10 views

PT-2023-6232

Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl xattr" is configured with "acl...

9.8CVSS7.6AI score0.74265EPSS
Exploits14References215
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.3 views

SUSE CVE-2016-8684

The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."...

7.8CVSS7.3AI score0.02233EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 4:56 a.m.3 views

SUSE CVE-2016-8683

The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure and a "file truncation error for corrupt file."...

7.8CVSS7.3AI score0.01831EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/01/14 12:0 a.m.29 views

Rocky Linux 8 : thunderbird (RLSA-2022:9074)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:9074 advisory. - A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox This bug only affects...

9.8CVSS8.3AI score0.00921EPSS
Exploits0References8
Mageia
Mageia
added 2022/12/30 10:39 p.m.52 views

Updated thunderbird packages fix security vulnerability

Drag and Dropped Filenames could have been truncated to malicious extensions. CVE-2022-46874...

8.8CVSS2.4AI score0.00884EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/12/22 12:0 a.m.19 views

CVE-2022-46874

A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.Note: This issue was originally included in the advisories for Thunderbird...

8.9AI score0.00884EPSS
Exploits0References7
CVE
CVE
added 2022/12/22 12:0 a.m.207 views

CVE-2022-46874

CVE-2022-46874 describes a filename truncation issue where a long filename could lose its valid extension, leaving a malicious extension that could confuse users or lead to execution of malicious code. Public reports indicate affected products include Firefox versions before 108 and Thunderbird v...

8.8CVSS8.7AI score0.00884EPSS
Exploits0References7Affected Software3
Tenable Nessus
Tenable Nessus
added 2022/12/16 12:0 a.m.35 views

AlmaLinux 8 : firefox (ALSA-2022:9067)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:9067 advisory. - An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This...

9.8CVSS8.1AI score0.00921EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2022/12/16 12:0 a.m.25 views

AlmaLinux 8 : thunderbird (ALSA-2022:9074)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:9074 advisory. - Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remo...

9.8CVSS8.1AI score0.00921EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2022/12/16 12:0 a.m.29 views

RHEL 8 : thunderbird (RHSA-2022:9077)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9077 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.6.0. Security Fixes: Mozilla:...

9.8CVSS8AI score0.00921EPSS
Exploits0References16
Rows per page
Query Builder