CVE-2025-10230 Samba: command injection in wins server hook script

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

SUSE SLES15: ctdb / libsamba-policy-devel / libsamba-policy-python3-devel / etc (SUSE-SU-2025:3677-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3677-1 advisory. - CVE-2025-9640: Fixed vfsstreamsxattr uninitialized memory write bsc1251279. - CVE-2025-10230: Fixed command Injection in WINS...

Security update for samba

This update for samba fixes the following issues: CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280. Patch Instructions: To install this SUSE update use the SUSE recommended installati...

Security update for samba

This update for samba fixes the following issues: CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280. Patch Instructions: To install this SUSE update use the SUSE recommended installati...

SUSE-SU-2025:03603-1 Security update for samba

This update for samba fixes the following issues: - CVE-2025-9640: Fixed uninitialized memory disclosure via vfsstreamsxattr bsc1251279. - CVE-2025-10230: Fixed command Injection in WINS server hook script bsc1251280...

CVE-2025-32439 pleezer allows resource exhaustion through uncollected hook script processes

pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even...

pleezer 安全漏洞

pleezer is a Deezer Connect player by the individual developer Roderick van Domburg. A security vulnerability exists in versions of pleezer prior to 0.16.0, which stems from a hook script that does not properly clean up processes, potentially leading to the accumulation of zombie processes...

SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:0385-1)

This update for libvirt provides several fixes. This security issue was fixed : - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead method which allowed to cause DoS bsc1076500. These security issues were fixed : - Add a qemu hook script providing functionality similar to Xen's...

SUSE-SU-2018:0279-1 Security update for libvirt

This update for libvirt provides several fixes. This security issue was fixed: - CVE-2018-5748: Prevent resource exhaustion via qemuMonitorIORead method which allowed to cause DoS bsc1076500. These security issues were fixed: - Add a qemu hook script providing functionality similar to Xen's...