17 matches found
Azure Linux 3.0 Security Update: samba (CVE-2022-32746)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-32746 advisory. - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message...
CVE-2024-34887
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...
EUVD-2022-35812
Malicious code in bioql PyPI...
EUVD-2022-46929
Malicious code in bioql PyPI...
Alibaba Cloud Linux 3 : 0006: libldb (ALINUX3-SA-2023:0006)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0006 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-32746: A flaw was found in the Samba AD LD...
CentOS 9 : libldb-2.5.2-1.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libldb-2.5.2-1.el9 build changelog. - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database...
CVE-2022-43959
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php...
Default credentials
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldap_server_edit.php...
EulerOS 2.0 SP8 : libldb (EulerOS-SA-2022-2798)
According to the versions of the libldb packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding databa...
Oracle Linux 9 : libldb (ELSA-2022-8318)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8318 advisory. - resolves: rhbz2109017 - Fix CVE-2022-32746 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
Oracle Linux 8 : libldb (ELSA-2022-7730)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7730 advisory. - resolves: rhbz2109016 - Fix CVE-2022-32746 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...
EulerOS 2.0 SP10 : libldb (EulerOS-SA-2022-2656)
According to the versions of the libldb package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding databas...
Huawei EulerOS: Security Advisory for libldb (EulerOS-SA-2021-1606)
The remote host is missing an update for the Huawei EulerOS...
CVE-2020-10730
CVE-2020-10730 affects the Samba AD DC LDAP Server (ASQ, VLV, and paged_results) with a NULL pointer dereference/use-after-free in affected builds prior to 4.10.17, 4.11.11, and 4.12.4. The root cause is in handling certain LDAP controls in the AD DC LDAP server, with the issue also present in th...
Information disclosure
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message ...
CVE-2015-3223
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets...
CVE-2015-5330
CVE-2015-5330 affects the ldb component used by the Samba AD LDAP server. The issue arises in ldb before 1.1.24, within Samba 4.x deployments (before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3), where string lengths are mishandled. This enables a remote attacker to read sensitive data fro...