28 matches found

OSV
added 2026/02/03 6:16 p.m. | 0 views

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Sam...

6.1 CVSS | 5.8 AI score | 0.00015 EPSS
Exploits: 1 | References: 1

NVD
added 2026/02/03 6:16 p.m. | 2 views

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Sam...

6.1 CVSS | 0.00015 EPSS
Exploits: 1 | References: 1

Positive Technologies
added 2026/02/03 12:0 a.m. | 2 views

PT-2026-5972

Name of the Vulnerable Software and Affected Versions ZSPACE Q2C NAS affected versions not specified Description The ZSPACE Q2C NAS is affected by an issue involving incorrect symbolic link handling. An attacker can format a USB drive to ext4, create a symbolic link to its root directory, insert...

6.1 CVSS | 5.4 AI score | 0.00015 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2026/02/03 12:0 a.m. | 1 views

CVE-2025-69431

The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root directory, insert the drive into the NAS device's slot, and then access the USB drive's directory mounted on the NAS using the Sam...

5.4 AI score | 0.00015 EPSS
Exploits: 1 | References: 1

SUSE Linux
added 2026/01/28 2:34 p.m. | 5 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38321: smb: Log an error when closeallcacheddirs fails bsc1246328. CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd bsc1249256. CVE-2025-39977:...

8.5 CVSS | 7.5 AI score | 0.03752 EPSS
Exploits: 2 | References: 1726

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2016-3217

Malware in sbrugna...

5.9 CVSS | 6.5 AI score | 0.05863 EPSS
Exploits: 0 | References: 35

Positive Technologies
added 2025/08/16 12:0 a.m. | 3 views

PT-2025-33600

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel contains a flaw within the ksmbd component related to incorrect length validation of extended attribute ea buffers during SMB2 file operation handling. Specifically, the...

7.8 CVSS | 7.8 AI score | 0.0014 EPSS
Exploits: 3 | References: 251

SUSE CVE
added 2025/04/05 2:24 a.m. | 1 views

SUSE CVE-2025-21994

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for numaces field of smbacl parsedcal validate numaces to allocate posixacestatearray. if numaces ULONGMAX / sizeofstruct smbace It is an incorrect validation that we can create an array of size...

5.5 CVSS | 7.7 AI score | 0.00033 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2025/03/04 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2016-2118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections,...

7.5 CVSS | 6.9 AI score | 0.78522 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2017-12163

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious...

7.1 CVSS | 6.7 AI score | 0.41375 EPSS
Exploits: 0 | References: 2

SUSE CVE
added 2024/06/12 3:27 a.m. | 1 views

SUSE CVE-2023-39176

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose...

7.5 CVSS | 6 AI score | 0.00087 EPSS
Exploits: 0 | References: 3

OSV
added 2024/05/19 9:15 a.m. | 1 views

DEBIAN-CVE-2024-35863

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in isvalidoplockbreak Skip sessions that are being teared down status == SESEXITING to avoid UAF...

7.8 CVSS | 5.5 AI score | 0.00013 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2021/12/16 5:23 p.m. | 83 views

Important: Red Hat Security Advisory: samba security and bug fix update

An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.5 CVSS | 6.7 AI score | 0.00699 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2021/11/17 12:0 a.m. | 50 views

openSUSE 15 Security Update : samba (openSUSE-SU-2021:3674-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3674-1 advisory. - An attacker can downgrade a negotiated SMB1 client connection and its capabilities. Kerberos authentication is only possible with the...

8.5 CVSS | 6.8 AI score | 0.00699 EPSS
Exploits: 0 | References: 7

OpenVAS
added 2021/06/15 12:0 a.m. | 20 views

CentOS: Security Advisory for ctdb (CESA-2021:2313)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8 CVSS | 7.1 AI score | 0.01764 EPSS
Exploits: 0 | References: 2

IBM Security Bulletins
added 2018/06/18 12:8 a.m. | 30 views

Security Bulletin: Samba vulnerability issue on IBM SONAS (CVE-2014-0178)

Summary A fix is available for IBM SONAS, for the security issue that an attacker could obtain sensitive information by exploiting a vulnerability in Samba protocol server Vulnerability Details CVEID: CVE-2014-0178 DESCRIPTION: Samba protocol server is used in IBM SONAS to enable file management...

3.5 CVSS | 1.1 AI score | 0.02302 EPSS
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2017/05/24 9:12 a.m. | 114 views

Important: Red Hat Security Advisory: samba3x security update

An update for samba3x is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

10 CVSS | 8 AI score | 0.94176 EPSS
Exploits: 24 | References: 4

Tenable Nessus
added 2017/03/27 12:0 a.m. | 54 views

CentOS 6 : samba4 (CESA-2017:0744)

An update for samba4 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

6.5 CVSS | 6.3 AI score | 0.08663 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2016/04/13 1:6 a.m. | 90 views

Critical: Red Hat Security Advisory: samba and samba4 security, bug fix, and enhancement update

An update for samba4 and samba is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7, respectively. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

7.5 CVSS | 7 AI score | 0.78522 EPSS
Exploits: 1 | References: 14

OSV
added 2016/04/12 11:59 p.m. | 12 views

CVE-2016-2118

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data...

7.5 CVSS | 7.3 AI score | 0.78522 EPSS
Exploits: 0 | References: 45