The vulnerability of the smb2_is_status_io_timeout() function in Linux operating system-based SMB components allows a hacker to trigger a service failure.

The vulnerability of the smb2isstatusiotimeout function in Linux kernel-based SMB components is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...

Vulnerability of the setup_async_work() function (fs/ksmbd/smb2pdu.c) in the SMB subsystem of the Linux operating system, allowing a hacker to cause a service failure

The vulnerability of the setupasyncwork function fs/ksmbd/smb2pdu.c in the SMB subsystem of the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...

Vulnerability of the parse_lease_state() function (fs/ksmbd/oplock.c) in the SMB subsystem of the Linux operating system, allowing a hacker to trigger a service failure

The vulnerability of the parseleasestate function fs/ksmbd/oplock.c in the SMB subsystem of the Linux operating system is related to errors during variable initialization. Exploiting this vulnerability could allow an attacker to cause a service failure...

PT-2023-2061 · Zoom · Zoom

Name of the Vulnerable Software and Affected Versions: Zoom versions prior to 5.13.5 Description: The issue is related to an improper trust boundary implementation when connecting to an SMB server. This could allow a remote attacker to gain unauthorized access to protected information or execute...

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

SUSE CVE-2023-1192

A use-after-free flaw was found in smb2isstatusiotimeout in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region,...

SUSE CVE-2004-0634

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service process crash via a handle without a policy name, which causes a null dereference...

SUSE CVE-2005-3242

Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service crash via unknown vectors in 1 the IrDA dissector and 2 the SMB dissector when SMB transaction payload reassembly is enabled...

SUSE CVE-2006-1938

Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service crash from null dereference via the 1 Sniffer capture or 2 SMB PIPE dissector...

SUSE CVE-2007-0008

Integer underflow in the SSLv2 support in Mozilla Network Security Services NSS before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to...

SUSE CVE-2008-1105

Heap-based buffer overflow in the receivesmbraw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response...

SUSE CVE-2009-1439

Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel 2.6.29 and earlier allows remote attackers to cause a denial of service crash via a long nativeFileSystem field in a Tree Connect response to an SMB mount request...

SUSE CVE-2009-4377

The 1 SMB and 2 SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 allow remote attackers to cause a denial of service crash via a crafted packet that triggers a NULL pointer dereference, as demonstrated by fuzz-2009-12-07-11141.pcap...

SUSE CVE-2010-2248

fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel before 2.6.34-rc4 allows remote attackers to cause a denial of service panic via an SMB response packet with an invalid CountHigh value, as demonstrated by a response from an OS/2 server, related to the CIFSSMBWrite and CIFSSMBWrite...

SUSE CVE-2013-0454

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to 1 write to a read-only share; 2 trigger...

SUSE CVE-2016-2114

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream...

SUSE CVE-2016-10154

The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x before 4.9.1 interacts incorrectly with the CONFIGVMAPSTACK option, which allows local users to cause a denial of service system crash or memory corruption or possibly have unspecified other impact by leveraging use of more th...

SUSE CVE-2018-10103

tcpdump before 4.9.3 mishandles the printing of SMB data issue 1 of 2...

SUSE CVE-2018-10105

tcpdump before 4.9.3 mishandles the printing of SMB data issue 2 of 2...