1851 matches found
Linux kernel 缓冲区错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An input validation error vulnerability exists in versions of Linux kernel prior to 6.3.9, which stems from ksmbd not validating the SMB request protocol ID, and can be exploit...
CVE-2023-24480
Controller DoS due to stack overflow when decoding a message from the server. See Honeywell Security Notification for recommendations on upgrading and versioning...
Honeywell Products 缓冲区错误漏洞
Honeywell Products is a family of products from Honeywell USA. Honeywell Products suffers from a buffer error vulnerability that originates from a stack overflow when decoding a message from a server, resulting in a controller DoS...
CVE-2023-32254
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2TREEDISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...
CVE-2023-32250
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...
DEBIAN-CVE-2023-32250
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...
DEBIAN-CVE-2023-32254
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2TREEDISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this...
CVE-2023-29532
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not...
The vulnerability of the Windows SMB Witness service allows a hacker to bypass access control procedures for RPC processes.
The vulnerability of the Windows SMB Witness service for Windows operating systems is related to security configuration errors. Exploiting this vulnerability could allow a malicious actor to bypass access checks for RPC procedures using a specially created script...
CVE-2023-32021
Windows SMB Witness Service Security Feature Bypass Vulnerability...
PT-2023-3121 · Microsoft · Windows Smb Witness Service +1
Name of the Vulnerable Software and Affected Versions: Windows SMB Witness Service affected versions not specified Description: The issue is related to errors in security settings, allowing a remote attacker to bypass access checks to RPC procedures using a specially crafted script. This can affe...
curl: Use-after-free triggered by an HTTP proxy deny response
A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...
CLSA-2023-1685378052 curl: Fix of 2 CVEs
CVE-2022-43552: smb/telnet: do not free the protocol struct in done - CVE-2022-35252: cookie: reject cookies with "control bytes"...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft
CVE-2020-0...
The vulnerability of the ksmbd module in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the ksmbd module in Linux operating systems is related to the improper release of resources. Exploiting this vulnerability allows a remote attacker to cause service failures using the SMB2SESSIONSETUP command...
The vulnerability of the ksmbd module in Linux operating systems allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the ksmbd module in Linux operating systems is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures using the SMB2QUERYINFO and SMB2LOGOFF command...
The vulnerability of the ksmbd module in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the ksmbd module in Linux operating systems is related to the improper release of resources. Exploiting this vulnerability allows a remote attacker to cause service failures using the SMB2SESSIONSETUP command...
The vulnerability of the ksmbd module in Linux operating systems allows a hacker to execute arbitrary code.
The vulnerability of the ksmbd module in Linux operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using the SMB2QUERYINFO and SMB2LOGOFF commands...
The vulnerability of the ksmbd module in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the ksmbd module in Linux operating systems is related to pointer arithmetic errors. Exploiting this vulnerability can allow a remote attacker to cause a service failure using the SMB2LOGOFF command...
UBUNTU-CVE-2023-32250
A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2SESSIONSETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerabilit...