squid: buffer-over-read in SSPI and SMB authentication
A flaw was found in Squid. An incorrect integer overflow protection in the Squid SSPI and SMB authentication helpers is vulnerable to a buffer overflow attack, resulting in information disclosure...
OESA-2022-1974 squid security update
Squid is a high-performance proxy caching server. It handles all requests in a single, non-blocking, I/O-driven process and keeps meta data and implements negative caching of failed requests. Security Fixes: Exposure of Sensitive Information in Cache Manager...
PT-2022-33937 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.62 Description: The issue is related to an out of bound read for SMB2 WRITE. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v5.15.62...
PT-2022-5749 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows affected versions not specified Description: The issue is related to the SPNEGO Extended Negotiation NEGOEX security mechanism in Microsoft Windows, which can lead to information disclosure. It allows remote attackers to...
DEBIAN-CVE-2022-32742
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
CVE-2022-32742
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
ALPINE-CVE-2022-32742
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
PT-2024-11770
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns temporary data corruption in the insert range of the smb3 module. The insert range does not discard the affected cached region, which can risk temporarily corrupting...
PT-2024-11771
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to temporary data corruption in the collapse range of the smb3 module. The collapse range does not discard the affected cached region, which can risk temporarily...
The vulnerability of the SMB1 protocol implementation in the Samba network communication software allows a perpetrator to induce a service failure.
The vulnerability of the SMB1 protocol implementation in the Samba networking software lies in the fact that the operation values are written outside the buffer in memory during the range checking process. Exploiting this vulnerability allows a malicious actor to cause service failures remotely...
CVE-2022-35804
SMB Client and Server Remote Code Execution Vulnerability...
PT-2022-22963 · Unknown +1 · Smb Client/Server +1
Name of the Vulnerable Software and Affected Versions: SMB Client and Server affected versions not specified Description: The issue allows remote attackers to execute arbitrary code and affect the system. Recommendations: At the moment, there is no information about a newer version that contains ...
CVE-2022-35629
Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2...
Samba Security Vulnerability
Samba is a set of free software from the Samba team that enables UNIX series operating systems to connect to the SMB/CIFS network protocol of Microsoft Windows operating systems. The program supports sharing printers, transferring data files to each other, and so on. A security vulnerability exis...
The vulnerability of the SMB Server component in Oracle Solaris allows a hacker to trigger a service failure.
The vulnerability of the SMB Server component in Oracle Solaris relates to resource release errors. Exploiting this vulnerability can allow an attacker to cause service failures...
CVE-2022-21524
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise Oracle Solaris. Successful attacks of this vulnerability can...
PT-2022-4136 · Samba +10 · Samba +10
Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: A flaw was found in Samba, where some SMB1 write requests were not correctly range-checked, allowing server memory contents to be written into the file or printer instead of client-supplied...
PT-2022-7165 · Unknown · Avalanche Premise
Name of the Vulnerable Software and Affected Versions: Avalanche Premise versions 6.3.x and below Description: The issue is related to an improper authentication procedure in the Avalanche system, which can be exploited by an attacker to bypass security restrictions. This can be achieved by...