Lucene search
+L

284 matches found

OpenVAS
OpenVAS
added 2021/11/12 12:0 a.m.22 views

Ubuntu: Security Advisory (USN-5142-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS7.8AI score0.02032EPSS
Exploits0References3
OSV
OSV
added 2021/11/11 1:2 p.m.7 views

USN-5142-1 samba vulnerabilities

Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext authentication. CVE-2016-2124 Andrew Bartlett discovered that Samba incorrectly mapping domain users to local users. An...

9CVSS6.8AI score0.02032EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2021/11/11 12:0 a.m.56 views

SUSE SLED15: ctdb / ldb-tools / libdcerpc-binding0 / libdcerpc-binding0-32bit / etc (SUSE-SU-2021:3647-1)

"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3647-1 advisory. - CVE-2020-25718: Fixed that an RODC can issue forge administrator tickets to other servers bsc1192246. - CVE-2021-3738: Fixed crash ...

9CVSS6.8AI score0.13794EPSS
Exploits0References25
RedhatCVE
RedhatCVE
added 2021/11/10 4:0 a.m.37 views

CVE-2021-3738

In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...

8.8CVSS8.2AI score0.01888EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/11/10 3:37 a.m.50 views

CVE-2021-23192

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements. Mitigation Setting dcesrv:max auth states=0 in the...

7.5CVSS7.4AI score0.01953EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2021/11/09 12:0 a.m.35 views

CVE-2021-23192

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

7.5CVSS6.8AI score0.01953EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2021/11/09 12:0 a.m.30 views

CVE-2021-3738

In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...

8.8CVSS6.9AI score0.01888EPSS
Exploits0References4
Samba
Samba
added 2021/11/09 12:0 a.m.70 views

Subsequent DCE/RPC fragment injection vulnerability

Description Samba implements DCE/RPC, and in most cases it is provided over and protected by the underlying SMB transport, with protections like 'SMB signing'. However there are other cases where large DCE/RPC request payloads are exchanged and fragmented into several pieces. If this happens over...

7.5CVSS0.2AI score0.01953EPSS
Exploits0
GithubExploit
GithubExploit
added 2021/07/02 4:44 p.m.328 views

Exploit for CVE-2021-1675

PrintNightmare CVE-2021-1675 This Zeek script detects succe...

9.3CVSS8.8AI score0.99759EPSS
Exploits75
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2019:3318-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.4CVSS6.6AI score0.02783EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.42 views

SUSE SLES12 Security Update : samba (SUSE-SU-2020:3082-1)

This update for samba fixes the following issues : CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records bsc1177613. CVE-2020-14323: Unprivileged user can crash winbind bsc1173994. CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify bsc1173902...

6.5CVSS6.8AI score0.0218EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.27 views

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:3092-1)

This update for samba fixes the following issues : CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records bsc1177613. CVE-2020-14323: Unprivileged user can crash winbind bsc1173994. CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify bsc1173902...

6.5CVSS6.8AI score0.0218EPSS
Exploits0References10
Veracode
Veracode
added 2020/11/09 5:15 a.m.19 views

Denial Of Service (DoS)

samba is vulnerable to denial of service DoS. The vulnerability exists as an authenticated user can crash the DCE/RPC DNS with easily crafted records...

6.5CVSS2.8AI score0.0218EPSS
Exploits0References4Affected Software6
Tenable Nessus
Tenable Nessus
added 2020/11/03 12:0 a.m.36 views

openSUSE Security Update : samba (openSUSE-2020-1819)

This update for samba fixes the following issues : Update to samba 4.11.14 - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records bsc1177613. - CVE-2020-14323: Unprivileged user can crash winbind bsc1173994. - CVE-2020-14318: Missing permissions check in...

6.5CVSS6.8AI score0.0218EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2020/11/03 12:0 a.m.15 views

openSUSE: Security Advisory for samba (openSUSE-SU-2020:1811-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.5AI score0.0218EPSS
Exploits0References2
OSV
OSV
added 2020/10/29 10:1 a.m.7 views

SUSE-SU-2020:3082-1 Security update for samba

This update for samba fixes the following issues: - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records bsc1177613. - CVE-2020-14323: Unprivileged user can crash winbind bsc1173994. - CVE-2020-14318: Missing permissions check in SMB1/2/3 ChangeNotify...

6.5CVSS5.6AI score0.0218EPSS
Exploits0References7
OSV
OSV
added 2020/10/29 10:1 a.m.7 views

SUSE-SU-2020:3081-1 Security update for samba

This update for samba fixes the following issues: Update to samba 4.11.14 - CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records bsc1177613. - CVE-2020-14323: Unprivileged user can crash winbind bsc1173994. - CVE-2020-14318: Missing permissions check in...

6.5CVSS5.5AI score0.0218EPSS
Exploits0References7
ALT Linux
ALT Linux
added 2020/10/29 12:0 a.m.109 views

Security fix for the ALT Linux 10 package samba version 4.12.9-alt1

Oct. 29, 2020 Evgeny Sinelnikov 4.12.9-alt1 - Update to latest stable security release of the Samba 4.12 - Security fixes: + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify + CVE-2020-14323: Unprivileged user can crash winbind + CVE-2020-14383: An authenticated user can...

4CVSS6.9AI score0.0218EPSS
Exploits0
Prion
Prion
added 2020/02/11 4:15 p.m.22 views

Design/Logic Flaw

Profinet-IO PNIO stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable...

7.8CVSS7.4AI score0.01448EPSS
Exploits1References1Affected Software27
Cvelist
Cvelist
added 2020/02/11 3:36 p.m.44 views

CVE-2019-13946

Profinet-IO PNIO stack versions prior V06.00 do not properly limit internal resource allocation when multiple legitimate diagnostic package requests are sent to the DCE-RPC interface. This could lead to a denial of service condition due to lack of memory for devices that include a vulnerable...

7.5CVSS7.4AI score0.01448EPSS
Exploits1References2
Rows per page
Query Builder