CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2017/11/27 10:29 p.m.•1 views

DEBIAN-CVE-2017-14746

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request...

9.8CVSS8.1AI score0.09876EPSS

OSV•added 2017/11/27 10:29 p.m.•2 views

ALPINE-CVE-2017-14746

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request...

9.8CVSS8AI score0.09876EPSS

RedHat Linux•added 2017/11/27 4:39 a.m.•104 views

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS6.9AI score0.21408EPSS

RedHat Linux•added 2017/11/27 4:39 a.m.•8 views

samba: Use-after-free in processing SMB1 requests

A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code...

9.8CVSS7.5AI score0.09876EPSS

Exploits0References5

CNVD•added 2017/11/22 12:0 a.m.•2 views

Samba Memory Misreference Vulnerability

Samba is a set of free software developed by the Samba team that enables UNIX series operating systems to connect to the SMB/CIFS network protocol of Microsoft Windows operating systems. The program supports sharing printers, transferring data files to each other, and so on. A memory misreference...

9.8CVSS7.4AI score0.09876EPSS

CNVD•added 2017/11/21 12:0 a.m.•3 views

Cisco Firepower System Software SNORT Detection Engine Security Bypass Vulnerability

Cisco Firepower System Software is a next-generation firewall product NGFW from Cisco.SNORT detection engine is one of the intrusion detection engines. A security vulnerability exists in the SNORT detection engine in Cisco Firepower System Software, which stems from the program's failure to...

5.8CVSS6.9AI score0.01604EPSS

OSV•added 2017/11/21 12:0 a.m.•3 views

UBUNTU-CVE-2017-14746

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request...

9.8CVSS7.3AI score0.09876EPSS

Positive Technologies•added 2017/11/21 12:0 a.m.•5 views

PT-2017-4074

Name of the Vulnerable Software and Affected Versions Samba versions 4.x before 4.7.3 Description The issue is related to a use-after-free vulnerability in the implementation of the SMB1 protocol in the Samba network interaction software package. This vulnerability can be exploited by a remote...

10CVSS8.3AI score0.99512EPSS

Exploits154References202

OSV•added 2017/11/16 7:29 a.m.•3 views

CVE-2017-12300

A vulnerability in the SNORT detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass a file policy that is configured to block the Server Message Block Version 2 SMB2 protocol. The vulnerability is due to the incorrect detection of an SMB2 fil...

5.8CVSS5.8AI score0.01604EPSS

Exploits0References2

Prion•added 2017/11/16 7:29 a.m.•13 views

Arbitrary file deletion

5CVSS5.7AI score0.01604EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2017/11/16 12:0 a.m.•5 views

PT-2017-12476 · Cisco · Cisco Firepower System

Name of the Vulnerable Software and Affected Versions: Cisco Firepower System Software affected versions not specified Description: A flaw in the SNORT detection engine could allow an unauthenticated, remote attacker to bypass a file policy configured to block the Server Message Block Version 2...

5.8CVSS7AI score0.01604EPSS

BDU FSTEC•added 2017/11/10 12:0 a.m.•6 views

The vulnerability of the Microsoft Server Message Block (SMB) network protocol in the Windows operating system allows a hacker to cause a service failure.

The vulnerability of the Microsoft Server Message Block SMB network protocol in the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted requests to the...

7.8CVSS7.4AI score0.14399EPSS

RedHat Linux•added 2017/11/02 2:50 p.m.•2 views

samba: Some code path don't enforce smb signing, when they should (incomplete fix of CVE-2017-12150)

It was discovered that the fix for CVE-2017-12150 was not properly shipped in erratum RHSA-2017:2858 for Red Hat Gluster Storage 3.3 for RHEL 6...

7.4CVSS7.2AI score0.13228EPSS

BDU FSTEC•added 2017/10/23 12:0 a.m.•6 views

The vulnerability of the Microsoft Windows Search component on Windows operating systems allows a perpetrator to execute arbitrary code or obtain confidential system information.

The vulnerability of the Microsoft Windows Search component in Windows operating systems is related to errors in processing objects in memory. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code or obtain confidential system information through the SMB connection...

10CVSS8.2AI score0.64132EPSS

Tenable Nessus•added 2017/10/17 12:0 a.m.•728 views

Microsoft Windows SMB Server (2017-10) Multiple Vulnerabilities (uncredentialed check)

The remote Windows host is affected by the following vulnerabilities : - A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 1.0 SMBv1 server handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to...

7.8CVSS8.8AI score0.14399EPSS

OSV•added 2017/10/13 1:29 p.m.•0 views

CVE-2017-11780

The Server Message Block 1.0 SMBv1 on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly...

7CVSS6.4AI score0.09961EPSS