2083 matches found
samba: smbd allows client access to unix domain sockets on the file system as root
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
CVE-2022-40681
A incorrect authorization in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe...
Authorization
A incorrect authorization in Fortinet FortiClient Windows 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe...
kernel: drm/amd/display: Do not set DRR on pipe Commit
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit WHY Writing to DRR registers such as OTGVTOTALMIN on the same frame as a pipe commit can cause underflow...
Fortinet FortiClient Security Vulnerability
Fortinet FortiClient is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exists in Fortinet FortiClient...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse prior to version 3.1.3, which stems from the fact that if a user's full name uses "|" and the user is quoted, updating the user's...
samba: smbd allows client access to unix domain sockets on the file system as root
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
kernel: drm/amd/display: Do not set DRR on pipe Commit
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit WHY Writing to DRR registers such as OTGVTOTALMIN on the same frame as a pipe commit can cause underflow...
Rocky Linux 8 : kernel-rt (RLSA-2022:0819)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0819 advisory. - In unixscmtoskb of afunix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with...
Fedora 39 : ghostscript (2023-b240ebd9aa)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-b240ebd9aa advisory. Automatic update for ghostscript-10.01.2-1.fc39. Changelog Fri Jul 14 2023 Michael J Gruber - 10.01.2-1 - rebase to bugfix release 10.01.2 rhbz2182090 - fix...
Exploit for Improper Initialization in Linux Linux_Kernel
!Dirty Pipehttps://forum.hackersploit.org/uploads/default/ori...
Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2023-416)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-416 advisory. Samba is vulnerable to path traversal due to insufficient sanitization of clients incoming pipe names. This can lead to the client connecting to as root to a Unix domain socket outside of the...
ALPINE-CVE-2023-3961
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
AZL-31899 CVE-2023-3961 affecting package samba 4.12.5-7
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
CVE-2023-3961
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
DEBIAN-CVE-2023-3961
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
AZL-37024 CVE-2023-3961 affecting package samba 4.18.3-2
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
CVE-2023-3961
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
CVE-2023-3961 Samba: smbd allows client access to unix domain sockets on the file system as root
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call RPC services like SAMR LSA or SPOOLSS, which Samba initiates o...
CVE-2023-31019
NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context...