30 matches found
samba: Remote Code Execution in SAMR
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
ALPINE-CVE-2026-4408
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
CVE-2026-4408 Samba: remote code execution in samr
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
CVE-2026-4408
CVE-2026-4408: Samba allows remote code execution due to a misconfiguration in the “check password script” feature when the script uses the %u substitution. The client-supplied username is passed with insufficient escaping of shell meta-characters, enabling remote command execution on affected systems...
CVE-2026-4408
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
EUVD-2026-32741
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
SUSE CVE-2026-4408
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...
User Enumeration
Django is vulnerable to user enumeration. The vulnerability is due to improper handling of authentication timing differences in the django.contrib.auth.handlers.modwsgi.check_password function when used with mod_wsgi, which allows a remote attacker to enumerate valid users by measuring response tim...
CVE-2025-13473
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
EUVD-2022-4011
Malicious code in bioql PyPI...
SUSE-SU-2025:1193-1 Security update for apparmor
This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : apparmor (SUSE-SU-2025:1134-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1134-1 advisory. This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password...
SUSE-SU-2025:1135-1 Security update for apparmor
This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...
SUSE SLES12 Security Update : apparmor (SUSE-SU-2025:1101-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1101-1 advisory. This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...
PT-2025-19699 · Opensuse +1 · Apparmor +1
Name of the Vulnerable Software and Affected Versions: apparmor (affected versions not specified). Description: This issue allows dovecot-auth to execute the unix check password function from /sbin, not only from /usr/bin. Recommendations: At the moment, there is no information about a newer version...
PT-2025-19700 · Suse · Apparmor +1
This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...
SUSE-SU-2025:1101-1 Security update for apparmor
This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...