Lucene search
K

1815 matches found

OSV
OSV
added 2024/04/16 8:56 p.m.6 views

USN-6725-2 linux-aws, linux-aws-5.15 vulnerabilities

Chih-Yen Chang discovered that the KSMBD implementation in the Linux kernel did not properly validate certain data structure fields when parsing lease contexts, leading to an out-of-bounds read vulnerability. A remote attacker could use this to cause a denial of service system crash or possibly...

9.8CVSS7AI score0.17442EPSS
Exploits0References47
OSV
OSV
added 2024/04/09 5:15 p.m.1 views

CVE-2024-26245

Windows SMB Elevation of Privilege Vulnerability...

7.8CVSS7.3AI score0.0065EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.2 views

PT-2024-3301 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to an elevation-of-privilege vulnerability in the implementation of the Server Message Block SMB protocol in Windows operating systems. It is caused by a buffer overflo...

7.8CVSS9.2AI score0.0065EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/04/03 12:0 a.m.6 views

PT-2024-3846

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the cifs signal cifsd for reconnect function in the Linux kernel's SMB client implementation, which is vulnerable to a use-after-free UAF condition. This occurs...

7.8CVSS5.5AI score0.00241EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/03 12:0 a.m.6 views

PT-2024-3839

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a potential use-after-free UAF vulnerability in the cifs stats proc write function of the Linux kernel's SMB client implementation. This vulnerability may allow a...

7.8CVSS5.5AI score0.00238EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/03 12:0 a.m.5 views

PT-2024-3844

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a potential use-after-free UAF vulnerability in the is valid oplock break function of the Linux kernel's SMB client implementation. This vulnerability may allow a...

7.8CVSS5.5AI score0.00241EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/03 12:0 a.m.10 views

PT-2024-3840

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a potential use-after-free UAF vulnerability in the cifs stats proc show function of the Linux kernel's SMB client implementation. This vulnerability may allow an...

7.8CVSS5.6AI score0.00265EPSS
Exploits0
Amazon
Amazon
added 2024/04/01 12:0 a.m.6 views

Medium: kernel

Issue Overview: A flaw was found in the smb client in the Linux kernel. A potential out-of-bounds error was seen in the smb2parsecontexts function. Validate offsets and lengths before dereferencing create contexts in smb2parsecontexts. CVE-2023-52434 In the Linux kernel, the following vulnerabili...

8CVSS7.3AI score0.00992EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/03/27 12:26 a.m.7 views

kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client

An out-of-bounds memory read flaw was found in receiveencryptedstandard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service...

7.4CVSS6.8AI score0.01999EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/03/27 12:15 a.m.4 views

kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client

An out-of-bounds memory read flaw was found in receiveencryptedstandard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service...

7.4CVSS6.8AI score0.01999EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2024/03/16 7:0 a.m.5 views

smb: client: fix potential OOBs in smb2_parse_contexts()

...

8CVSS7.3AI score0.00566EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/03/12 12:0 a.m.5 views

The vulnerability of the SMB2 packet signing mechanism in the Samba networking communication software allows a attacker to execute a type of “man-in-the-middle” attack.

The vulnerability of the SMB2 packet signing mechanism in the Samba network communication software is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to act remotely...

5.9CVSS6.6AI score0.0039EPSS
Exploits0References7Affected Software6
RedHat Linux
RedHat Linux
added 2024/03/06 12:44 p.m.5 views

kernel: Out-Of-Bounds Read vulnerability in smbCalcSize

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information...

7.1CVSS7.2AI score0.00522EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2024/03/06 12:44 p.m.3 views

kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client

An out-of-bounds memory read flaw was found in receiveencryptedstandard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service...

7.4CVSS6.8AI score0.01999EPSS
Exploits0References5
Amazon
Amazon
added 2024/03/06 12:0 a.m.7 views

Important: kernel-livepatch-5.10.205-195.804

Issue Overview: An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family; While creating a new netfilter table, lack of a safeguard against invalid nftables family pf values within nftablesnewtable...

7.8CVSS6.4AI score0.01999EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/03/04 12:0 a.m.4 views

The vulnerability of SMB microprogramming software for network interfaces and Zyxel USG and Zyxel VPN devices allows a perpetrator to cause service failures.

The vulnerability of SMB microprogramming services for network interfaces and Zyxel USG and Zyxel VPN devices relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS5.9AI score
Exploits0References1
OSV
OSV
added 2024/03/02 10:15 p.m.2 views

UBUNTU-CVE-2023-52572

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifsdemultiplexthread There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2isnetworknamedeleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/923 CPU: 1 PID: 923 Comm: cifsd...

7.8CVSS6.1AI score0.00225EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.2 views

PT-2024-1935 · Zyxel · Zyxel Usg +1

Name of the Vulnerable Software and Affected Versions: Zyxel USG and Zyxel VPN affected versions not specified Description: The issue is related to a buffer overflow in the memory of the SMB service in the firmware of Zyxel USG and Zyxel VPN firewalls and VPN devices. This can be exploited by a...

7.8CVSS7.7AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/02/28 12:0 a.m.4 views

Vulnerabilities of the functions smb2_get_ksmbd_tcon() and smb2_check_user_session() in Linux operating system kernels, allowing attackers to enhance their privileges

The vulnerabilities of the functions smb2getksmbdtcon and smb2checkusersession in Linux operating systems are related to improper elimination of special elements in the data request logic when processing parameters like id and tree id. Exploiting these vulnerabilities can allow a remote attacker ...

5.2CVSS6.6AI score0.17442EPSS
Exploits0References18Affected Software3
SUSE CVE
SUSE CVE
added 2024/02/23 3:21 a.m.2 views

SUSE CVE-2023-52441

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds in initsmb2rsphdr If client send smb2 negotiate request and then send smb1 negotiate request, initsmb2rsphdr is called for smb1 negotiate request since needneg is set to false. This patch ignore smb1...

7.8CVSS6.4AI score0.00378EPSS
Exploits0References3
Rows per page
Query Builder