434 matches found

EUVD
added 2025/10/03 8:7 p.m. | 0 views

EUVD-2023-41119

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 7.1 | EPSS 0.02259
Exploits: 0 | References: 1

OSV
added 2025/09/05 6:15 p.m. | 1 view

DEBIAN-CVE-2025-39707

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities HUBBUB structure is not initialized on DCE hardware, so check if it is NULL to avoid null dereference while accessing amdgpu_dm_capabilities file in debugfs...

CVSS 5.5 | AI score 5.3 | EPSS 0.00018
Exploits: 0 | References: 1

Microsoft CVE
added 2025/09/03 11:5 p.m. | 5 views

drm/amd/display: Check dce_hwseq before dereferencing it

...

CVSS 7.8 | AI score 7 | EPSS 0.00028
Exploits: 0

SUSE CVE
added 2025/07/28 11:24 p.m. | 1 view

SUSE CVE-2025-38361

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dce_hwseq before dereferencing it [WHAT] hws was checked for null earlier in dce110_blank_stream, indicating hws can be null, and should be checked whenever it is used. cherry picked from commit...

CVSS 5.5 | AI score 6.5 | EPSS 0.00028
Exploits: 0 | References: 23

OSV
added 2025/07/25 1:15 p.m. | 1 view

DEBIAN-CVE-2025-38361

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dce_hwseq before dereferencing it [WHAT] hws was checked for null earlier in dce110_blank_stream, indicating hws can be null, and should be checked whenever it is used. cherry picked from commit...

CVSS 7.8 | AI score 5.7 | EPSS 0.00028
Exploits: 0 | References: 1

ATTACKERKB
added 2025/07/25 12:47 p.m. | 1 view

CVE-2025-38361

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dce_hwseq before dereferencing it [WHAT] hws was checked for null earlier in dce110_blank_stream, indicating hws can be null, and should be checked whenever it is used. cherry picked from commit...

CVSS 7.8 | AI score 5.7 | EPSS 0.00028
Exploits: 0 | References: 6 | Affected Software: 1

RedhatCVE
added 2025/05/22 8:36 a.m. | 7 views

CVE-2019-19707

On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices with firmware through 6.0, denial of service can occur via PROFINET DCE-RPC endpoint discovery packets...

CVSS 7.8 | AI score 7.1 | EPSS 0.00555
Exploits: 0 | References: 1

Positive Technologies
added 2025/01/01 12:0 a.m. | 1 view

PT-2025-30761

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified. Description: A flaw exists in the Linux kernel’s drm/amd/display module where the dce hwseq is dereferenced without a prior check, potentially leading to issues. The issue arises because hws was...

CVSS 7.8 | AI score 6.8 | EPSS 0.00028
Exploits: 0

The Hacker News
added 2024/10/22 7:3 a.m. | 23 views

VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability

VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns a case of heap-overflow vulnerability in the implementation of the DCE/RPC...

CVSS 9.8 | AI score 9.7 | EPSS 0.77869
Exploits: 0

Microsoft CVE
added 2024/10/15 7:0 a.m. | 3 views

In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared the user credentials state was only pointed at and when one connection within that association group ended the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access.

...

CVSS 8.8 | AI score 7.2 | EPSS 0.00401
Exploits: 0

The Hacker News
added 2024/09/18 5:8 a.m. | 44 views

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution

Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol. "A...

CVSS 9.8 | AI score 8 | EPSS 0.82279
Exploits: 0

Rosalinux
added 2024/07/15 9:4 a.m. | 36 views

Advisory ROSA-SA-2024-2451

Software: samba 4.12.3 OS: ROSA Virtualization 2.1 packageevrstring: samba-4.12.3 CVE-ID: CVE-2020-25722 BDU-ID: 2022-00004 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the Active Directory Domain Controller component of the Samba networking software package is caused by a buffer overflow...

CVSS 9.8 | AI score 8.1 | EPSS 0.35695
Exploits: 2

The Hacker News
added 2024/06/18 8:24 a.m. | 73 views

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution. The list of vulnerabilities is as follows - CVE-2024-37079 & CVE-2024-37080 (CVSS scores: 9.8) -...

CVSS 9.8 | AI score 8.7 | EPSS 0.93213
Exploits: 4

Tenable Nessus
added 2024/03/21 12:0 a.m. | 32 views

EulerOS Virtualization 2.11.1 : samba (EulerOS-SA-2024-1408)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when...

CVSS 7.5 | AI score 6.7 | EPSS 0.00578
Exploits: 0 | References: 4

Tenable Nessus
added 2024/01/26 12:0 a.m. | 32 views

RHEL 8 : samba (RHSA-2023:7464)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7464 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol,...

CVSS 9.8 | AI score 7.3 | EPSS 0.01941
Exploits: 1 | References: 9

Tenable Nessus
added 2023/11/06 12:0 a.m. | 31 views

Rocky Linux 8 : samba (RLSA-2021:5082)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:5082 advisory. - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wi...

CVSS 8.5 | AI score 6.7 | EPSS 0.00699
Exploits: 0 | References: 7

Zero Day Initiative
added 2023/11/06 12:0 a.m. | 69 views

VMware vCenter Server Appliance DCE/RPC Protocol Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of DCE/RPC protocol. The issue results from the lack ...

CVSS 9.8 | AI score 7.7 | EPSS 0.93213
Exploits: 1 | References: 1

The Hacker News
added 2023/10/25 10:11 a.m. | 71 views

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/R...

AI score 7.3 | EPSS 0.93213
Exploits: 1

Tenable Nessus
added 2023/10/10 12:0 a.m. | 37 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Samba vulnerabilities (USN-6425-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6425-1 advisory. Sri Nagasubramanian discovered that the Samba acl_xattr VFS module incorrectly handled read-only files. When Samba is configured to...

CVSS 7.5 | AI score 6.9 | EPSS 0.00578
Exploits: 0 | References: 5

Tenable Nessus
added 2023/09/17 12:0 a.m. | 45 views

GLSA-202309-06 : Samba: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202309-06 (Samba: Multiple Vulnerabilities) - Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a...

CVSS 9.8 | AI score 8.7 | EPSS 0.89361
Exploits: 8 | References: 47