332 matches found
CVE-2022-42278
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering...
CVE-2022-3882
CVE-2022-3882 concerns the WordPress WP Memory plugin prior to 2.46. The vulnerability is a lack of proper authorization and CSRF protection in an AJAX action, allowing any authenticated user (e.g., a subscriber) to call the action and install/activate arbitrary plugins from wordpress.org. Connec...
Amazon Linux AMI : samba (ALAS-2022-1642)
The version of samba installed on the remote host is prior to 4.10.16-20.62. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1642 advisory. It was found that the Kerberos Key Distribution Center KDC delegation feature, Service for User S4U, did not sufficient...
Amazon Linux 2022 : samba (ALAS2022-2022-213)
The version of samba installed on the remote host is prior to 4.16.5-0. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-213 advisory. - A security feature bypass vulnerability exists in the way Key Distribution Center KDC determines if a service ticket ca...
GLSA-202211-04 : PostgreSQL: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202211-04 PostgreSQL: Multiple Vulnerabilities - When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries...
RHEL 9 : samba (RHSA-2022:8317)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8317 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allo...
CLSA-2022-1668547929 samba: Fix of CVE-2022-32742
CVE-2022-32742: Fix server memory information leak via SMB1...
CLSA-2022-1668546881 samba: Fix of CVE-2022-32742
CVE-2022-32742: Fix server memory information leak via SMB1...
samba: server memory information leak via SMB1
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
CVE-2022-39294 (DoS) Denial of Service from unchecked request length in conduit-hyper
conduit-hyper integrates a conduit application with the hyper server. Prior to version 0.4.2, conduit-hyper did not check any limit on a request's length before calling hyper::body::tobytes. An attacker could send a malicious request with an abnormally large Content-Length, which could lead to a...
Critical Vulnerability in Open SSL
There are no details yet, but its really important that you patch Open SSL 3.x when the new version comes out on Tuesday. How bad is "Critical"? According to OpenSSL, an issue of critical severity affects common configurations and is also likely exploitable. Its likely to be abused to disclose...
Oracle Linux 8 : samba (ELSA-2022-7111)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7111 advisory. - Fix CVE-2022-32742 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...
samba: server memory information leak via SMB1
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
RHEL 8 : samba (RHSA-2022:7111)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7111 advisory. Samba is an open-source implementation of the Server Message Block SMB protocol and the related Common Internet File System CIFS protocol, which allo...
AlmaLinux 8 : samba (ALSA-2022:7111)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7111 advisory. - A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing...
samba: server memory information leak via SMB1
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file or printer instead of client-supplied data. The client cannot control the area of the...
CVE-2022-38371
A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 = V2.3 =...
Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2022-2480)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP8 : samba (EulerOS-SA-2022-2480)
According to the versions of the samba packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing th...
USN-5645-1: PostgreSQL vulnerabilities
Jacob Champion discovered that PostgreSQL incorrectly handled SSL certificate verification and encryption. A remote attacker could possibly use this issue to inject arbitrary SQL queries when a connection is first established. CVE-2021-23214 Tom Lane discovered that PostgreSQL incorrect handled...