SUSE SLES15 Security Update : kernel (SUSE-SU-2025:03615-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:03615-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: ...

ROS-20251020-10

A vulnerability in the ksmbd component of the Linux operating system kernel is related to reading outside the allowed boundaries of the of the data buffer. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability of smb2getdataarealen function in module...

Microsoft Windows SMB Client Improper Access Control Vulnerability

Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate...

Microsoft Windows SMB Server Access Control Error Vulnerability

Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. A security vulnerability exists in Microsoft Windows SMB Server that can be exploited by an...

ROS-20251017-02

A vulnerability in the LoongArch component of the Linux operating system kernel is related to incorrect locking in the arch/loongarch/include/asm/io.h file. Exploitation of the vulnerability could allow an attacker to cause a denial of service denial of service Vulnerability of...

CVE-2025-39975

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix wrong index reference in smb2compoundop In smb2compoundop, the loop that processes each command's response uses wrong indices when accessing response bufferes. This incorrect indexing leads to improper handling o...

SUSE-SU-2025:20851-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpibuffer-pointer bsc1249770. - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabl...

CVE-2025-39975 smb: client: fix wrong index reference in smb2_compound_op()

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix wrong index reference in smb2compoundop In smb2compoundop, the loop that processes each command's response uses wrong indices when accessing response bufferes. This incorrect indexing leads to improper handling o...

PT-2025-44389

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of Distributed File System DFS referrals within the SMB protocol. A malicious SMB server can send crafted responses to FSCTL DFS...

CVE-2025-58726

Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network...

CVE-2025-58726 Windows SMB Server Elevation of Privilege Vulnerability

...

CVE-2025-59280

CVE-2025-59280 affects the Windows SMB Client and is described as an improper authentication vulnerability that allows an unauthorized attacker to tamper over the network. The CVSSv3.1 vector from the initial document is: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N with a base score of 3.1 (Low). Connect...

CVE-2025-59280 Windows SMB Client Tampering Vulnerability

...

USN-7808-2 linux-azure-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Ext4 file system; - SMB network file system; - Packet sockets; - Network traffic control; - TLS...

PT-2025-42142

Name of the Vulnerable Software and Affected Versions Windows SMB Client affected versions not specified Description An improper authentication issue exists in the Windows SMB Client. This allows an unauthorized attacker to perform tampering over a network. Recommendations At the moment, there is...

SMBInvader

SMBInvader This script automates the...

EUVD-2025-33565

Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...

EUVD-2025-33570

Newforma Info Exchange NIX '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account...

CVE-2025-35061

Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...

CVE-2025-35061

Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...