17 matches found

NVD
added 2026/01/08 2:15 a.m., 3 views

CVE-2026-21880

Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to...

CVSS 5.3 | EPSS 0.00143
Exploits: 2 | References: 3
Vulnrichment
added 2024/07/24 7:58 a.m., 20 views

CVE-2024-3454 In-Fabric Matter Cluster Attribute Disclosure

An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric footprinting, even though the protocol is designed to prevent access to such information...

CVSS 3.5 | AI score 6.5 | EPSS 0.00106
Exploits: 0 | References: 1
Cvelist
added 2023/10/25 2:3 a.m., 11 views

CVE-2023-34085 User Attribute Disclosure via DynamoDB Data Stores

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request...

CVSS 2.6 | AI score 4.9 | EPSS 0.00194
Exploits: 0 | References: 2
Vulnrichment
added 2023/10/25 2:3 a.m., 13 views

CVE-2023-34085 User Attribute Disclosure via DynamoDB Data Stores

When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request...

CVSS 2.6 | AI score 7.1 | EPSS 0.00194
Exploits: 0 | References: 2
Tenable Nessus
added 2023/04/16 12:0 a.m., 27 views

Fedora 36 : libldb / samba (2023-1c172e3264)

The remote Fedora 36 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-1c172e3264 advisory. Update to ldb 2.5.3 and samba 4.16.10 Security fixes for CVE-2023-0922, CVE-2023-0614 Tenable has extracted the preceding description block directly...

CVSS 7.7 | AI score 6.8 | EPSS 0.00266
Exploits: 0 | References: 3
Prion
added 2023/04/03 11:15 p.m., 27 views

Design/Logic Flaw

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...

CVSS 4 | AI score 6.2 | EPSS 0.01373
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2023/04/03 12:0 a.m., 265 views

CVE-2023-0614

CVE-2023-0614 affects Samba’s AD DC LDAP server, where incomplete remediation in the fixes for CVE-2018-10919 left the system vulnerable to confidential attribute disclosure via LDAP filters. Public details in connected documents show that Samba versions prior to 4.6.16, 4.7.9, and 4.8.4 remain a...

CVSS 7.7 | AI score 6.4 | EPSS 0.00219
Exploits: 0 | References: 4 | Affected Software: 1
SUSE CVE
added 2023/03/30 1:45 a.m., 1 views

SUSE CVE-2023-0614

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...

CVSS 6.5 | AI score 6.8 | EPSS 0.00219
Exploits: 0 | References: 11
OSV
added 2023/03/29 12:0 a.m., 0 views

UBUNTU-CVE-2023-0614

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC...

CVSS 7.7 | AI score 6.7 | EPSS 0.00219
Exploits: 0 | References: 5
Samba
added 2023/03/29 12:0 a.m., 36 views

Access controlled AD LDAP attributes can be discovered

Summary: The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Installations with such secrets in their Samba AD should assu...

CVSS 7.7 | AI score 6.4 | EPSS 0.01373
Exploits: 0
FreeBSD
added 2023/03/29 12:0 a.m., 49 views

samba -- multiple vulnerabilities

The Samba Team reports: An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset...

CVSS 7.7 | AI score 6.1 | EPSS 0.00413
Exploits: 0 | References: 3
Tenable Nessus
added 2019/03/27 12:0 a.m., 37 views

openSUSE Security Update : samba (openSUSE-2019-617)

This update for samba fixes the following issues : The following security vulnerabilities were fixed : - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn't allow it; bsc1095048 - CVE-2018-1140: ldbsearch 'distinguishedName=abc' and DNS query with escapes crashes; bsc1095056 - CVE-2018-10919:...

CVSS 8.8 | AI score 6.9 | EPSS 0.14432
Exploits: 0 | References: 10
Tenable Nessus
added 2019/01/02 12:0 a.m., 34 views

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2018:2318-1)

This update for samba fixes the following issues: The following security vulnerabilities were fixed : - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn't allow it; bsc1095048 - CVE-2018-1140: ldbsearch 'distinguishedName=abc' and DNS query with escapes crashes; bsc1095056 - CVE-2018-10919:...

CVSS 8.8 | AI score 6.9 | EPSS 0.14432
Exploits: 0 | References: 16
OpenVAS
added 2018/10/26 12:0 a.m., 28 views

openSUSE: Security Advisory for samba (openSUSE-SU-2018:2400-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 7 | EPSS 0.14432
Exploits: 0 | References: 2
OSV
added 2018/08/14 9:53 a.m., 5 views

SUSE-SU-2018:2318-1 Security update for samba

This update for samba fixes the following issues: The following security vulnerabilities were fixed: - CVE-2018-1139: Disable NTLMv1 auth if smb.conf doesn't allow it; bsc1095048 - CVE-2018-1140: ldbsearch 'distinguishedName=abc' and DNS query with escapes crashes; bsc1095056 - CVE-2018-10919:...

CVSS 8.8 | AI score 6.4 | EPSS 0.14432
Exploits: 0 | References: 11
Samba
added 2018/08/14 12:0 a.m., 710 views

Confidential attribute disclosure from the AD LDAP

Description: All versions of the Samba Active Directory LDAP server from 4.0.0 onwards are vulnerable to the disclosure of confidential attribute values, both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL (0x80) searchFlags bit and where an explicit Access Control Entry has been specified on...

CVSS 6.5 | AI score 0.5 | EPSS 0.01373
Exploits: 0
FreeBSD
added 2018/08/14 12:0 a.m., 76 views

samba -- multiple vulnerabilities

The samba project reports: Samba releases 4.7.0 to 4.8.3 inclusive contain an error which allows authentication using NTLMv1 over an SMB1 transport either directory or via NETLOGON SamLogon calls from a member server, even when NTLMv1 is explicitly disabled on the server. Missing input sanitizati...

CVSS 8.8 | AI score 1.8 | EPSS 0.14432
Exploits: 0 | References: 5