CVE-2022-32519

A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert Versions prior to V7.9.0...

Amazon Linux 2022 : samba (ALAS2022-2022-224)

The version of samba installed on the remote host is prior to 4.16.2-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-224 advisory. - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the...

NewStart CGSL MAIN 6.02 : samba Multiple Vulnerabilities (NS-SA-2022-0099)

The remote NewStart CGSL host, running version MAIN 6.02, has samba packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if...

Buffer overflow in Heimdal unwrap_des3()

Description The DES for Samba 4.11 and earlier and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc allocated memory when presented with a maliciously small packet. Examples of where Samba can use GSSAPI include the client and...

DCE extension for Typo3 Discloses Environment Information

The default configuration in the Dynamic Content Elements dce extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request...

EulerOS Virtualization 2.10.1 : samba (EulerOS-SA-2022-1387)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext...

EulerOS Virtualization 2.10.0 : samba (EulerOS-SA-2022-1413)

According to the versions of the samba packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext...

VulnCheck KEV: CVE-2015-2370

The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection...

AlmaLinux 8 : samba (ALSA-2021:5082)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5082 advisory. - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire...

AZL-8905 CVE-2021-3738 affecting package samba 4.12.5-7

In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...

CVE-2021-3738

In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...

CVE-2021-3738

In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...

AZL-37005 CVE-2021-3738 affecting package samba for versions less than 4.18.3-1

In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...

CVE-2021-23192

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

CVE-2021-23192

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

Design/Logic Flaw

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

Design/Logic Flaw

In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...

CVE-2021-3738

In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...

CVE-2021-23192

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

CVE-2021-3738

In DCE/RPC it is possible to share the handles cookies for resource state between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...