tcpdump: Buffer over-read in smbutil.c:name_len() in SMB/CIFS parser

The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in smbutil.c:namelen...

DEBIAN-CVE-2018-9268

In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-smb2.c has a memory leak...

PT-2018-1178

Name of the Vulnerable Software and Affected Versions MikroTik RouterOS versions prior to 6.41.3/6.42rc27 Description The issue is caused by a buffer overflow in the SMB service of MikroTik RouterOS, allowing remote attackers to execute arbitrary code on the system. This can be exploited before...

Design/Logic Flaw

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are...

The vulnerability of the mrxsmb.sys module, part of the Microsoft Server Message Block protocol (SMBv2/SMBv3), in Windows operating systems allows a hacker to cause a service failure.

The vulnerability of the mrxsmb.sys module, which is part of the Microsoft Server Message Block protocol SMBv2/SMBv3, in Windows operating systems is related to insufficient input validation. Exploiting this vulnerability can allow a remote attacker to cause a SMB client service failure using a...

Microsoft Server Message Block Client Denial of Service Vulnerability

Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. The Microsoft Server Message Block SMBv2/SMBv3 client is one of the clients that provides authentication for computers to access printers and file systems on the server. A denial of service...

CVE-2018-0833

The Microsoft Server Message Block 2.0 and 3.0 SMBv2/SMBv3 client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability"...

Microsoft Windows Multiple Vulnerabilities (KB4074594)

This host is missing a critical security update according to Microsoft KB4074594 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

January 3, 2018—KB4056888 (OS Build 10586.1356)

January 3, 2018—KB4056888 OS Build 10586.1356 This update can be applied to Windows 10 Enterprise and Windows 10 Education editions only. Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:...

Microsoft Windows Server Message Block Elevation of Privilege Vulnerability

Microsoft Windows 7 SP1 and others are operating systems released by Microsoft Corporation in the U.S. The Server Message Block SMB Server is one of the components that provides authentication for computers to access printers and file systems on servers. An elevation of privilege vulnerability...

Privilege escalation

The Microsoft Server Message Block SMB Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability d...

CVE-2018-0749

The Microsoft Server Message Block SMB Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability d...

CVE-2018-0749

The Microsoft Server Message Block SMB Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability d...

Microsoft Windows Multiple Vulnerabilities (KB4056892)

This host is missing a critical security update according to Microsoft KB4056892. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2018-2785 · Microsoft · Windows 8.1 +8

Name of the Vulnerable Software and Affected Versions: Windows 7 SP1 Windows 8.1 and RT 8.1 Windows Server 2008 SP2 and R2 SP1 Windows Server 2012 and R2 Windows 10 versions 1511 through 1709 Windows Server 2016 Windows Server, version 1709 Description: The issue is related to errors in access...

CVE-2017-14385

An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual...

DEBIAN-CVE-2017-14746

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request...

ALPINE-CVE-2017-14746

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request...

samba: Use-after-free in processing SMB1 requests

A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code...

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...