1851 matches found
CVE-2019-9579
An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITEXATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are...
CVE-2022-43381
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639...
DEBIAN-CVE-2022-47943
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is an out-of-bounds read and OOPS for SMB2_WRITE, when there is a large length in the zero DataOffset case...
AZL-12097 CVE-2022-47942 affecting package kernel for versions less than 5.15.86.1-1
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command...
DEBIAN-CVE-2022-47942
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command...
UBUNTU-CVE-2022-47942
An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2. There is a heap-based buffer overflow in set_ntacl_dacl, related to use of SMB2_QUERY_INFO_HE after a malformed SMB2_SET_INFO_HE command...
IBM AIX security vulnerability
IBM AIX is an open standards-based UNIX operating system developed by International Business Machines (IBM) for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unauthorized local attackers to achieve a denial of service via the AIX SMB...
Linux kernel buffer error vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue discovered in ksmbd where a heap-based buffer overflow exists in set_ntacl_dacl, which is related to...
HTTP Proxy deny use after free
curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struc...
The vulnerability of the Server Message Block Version 2 (SMB2) protocol implementation in the Snort intrusion detection system of Cisco Firepower Threat Defense (FTD), the Cisco Meraki MX network device management software, the Cisco Cyber Vision industrial network security control solution, and the Cisco Umbrella cloud security service allows a perpetrator to bypass security restrictions and cause service interruptions.
The vulnerability of the Server Message Block Version 2 (SMB2) implementation in the Snort intrusion detection system of the Cisco Firepower Threat Defense (FTD) microprogramming network interface devices, the Cisco Meraki MX network devices, the Cisco Cyber Vision industrial network security control...
CLSA-2022-1668547929 samba: Fix of CVE-2022-32742
CVE-2022-32742: Fix server memory information leak via SMB1...
CVE-2022-20943
Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These...
kernel: smb2_ioctl_query_info NULL pointer dereference
A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system...
PT-2022-5809
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) with Snort 3 configured; Cisco Meraki MX with Snort 3 configured; Cisco Cyber Vision with Snort 3 configured; Cisco Umbrella with Snort 3 configured. Description: Multiple vulnerabilities in the Server Message Blo...
Security vulnerabilities in multiple Cisco products
Cisco Firepower Threat Defense (FTD) and Cisco Cyber Vision Center Software are both products of Cisco, Inc. Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services. Cisco Cyber Vision Center Software is an industrial control system (ICS) monitorin...
PT-2022-6189 · Cisco · Cisco Meraki Mx +3
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) versions with Snort 3 configured; Cisco Meraki MX versions with Snort 3 configured; Cisco Cyber Vision versions with Snort 3 configured; Cisco Umbrella versions with Snort 3 configured. Description: Multiple...
Cisco Firepower Threat Defense security vulnerability
Cisco Firepower Threat Defense (FTD) is a suite of unified software from Cisco that provides next-generation firewall services. A security vulnerability in Cisco Firepower Threat Defense's Snort detection engine, which stems from mismanagement of system resources by its Server Message Block Version...
PT-2022-7575 · Curl +11 · Curl +11
Name of the Vulnerable Software and Affected Versions: curl versions prior to 7.87.0. Description: A use after free vulnerability exists in curl. The issue arises when curl is asked to tunnel virtually all protocols it supports through an HTTP proxy, and the proxy denies such tunnel operations for...
Octopus Server security vulnerability
Octopus Server is an automated deployment platform. Octopus Server suffers from a security vulnerability that stems from a Git connection checker that can initiate an SMB connection, leading to an NTLM relay attack...
CLSA-2022-1665680640 Fixed CVE-2022-41318 in squid-4.module_el8.4.0+2078+2063f9d1.2.tuxcare.els4
CVE-2022-41318: Fix buffer-over-read in SSPI and SMB authentication...