1785 matches found
SUSE-SU-2025:20851-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpibuffer-pointer bsc1249770. - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabl...
CVE-2025-39975 smb: client: fix wrong index reference in smb2_compound_op()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix wrong index reference in smb2compoundop In smb2compoundop, the loop that processes each command's response uses wrong indices when accessing response bufferes. This incorrect indexing leads to improper handling o...
PT-2025-44389
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of Distributed File System DFS referrals within the SMB protocol. A malicious SMB server can send crafted responses to FSCTL DFS...
CVE-2025-58726
Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-58726 Windows SMB Server Elevation of Privilege Vulnerability
...
CVE-2025-59280
CVE-2025-59280 affects the Windows SMB Client and is described as an improper authentication vulnerability that allows an unauthorized attacker to tamper over the network. The CVSSv3.1 vector from the initial document is: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N with a base score of 3.1 (Low). Connect...
CVE-2025-59280 Windows SMB Client Tampering Vulnerability
...
USN-7808-2 linux-azure-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Ext4 file system; - SMB network file system; - Packet sockets; - Network traffic control; - TLS...
PT-2025-42142
Name of the Vulnerable Software and Affected Versions Windows SMB Client affected versions not specified Description An improper authentication issue exists in the Windows SMB Client. This allows an unauthorized attacker to perform tampering over a network. Recommendations At the moment, there is...
SMBInvader
SMBInvader This script automates the...
EUVD-2025-33570
Newforma Info Exchange NIX '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account...
EUVD-2025-33565
Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...
CVE-2025-35061
Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...
CVE-2025-35061
Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...
CVE-2025-35057
Newforma Info Exchange NIX '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account...
CVE-2025-35058
Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the customer-configured NIX service account...
CVE-2025-35061 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx
Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...
CVE-2025-35058 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /UserWeb/Common/MarkupServices.ashx
Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the customer-configured NIX service account...
CVE-2025-35057
Newforma Info Exchange (NIX) has a vulnerability in the /RemoteWeb/IntegrationServices.ashx endpoint that allows a remote, unauthenticated attacker to coerce NIX into making an SMB connection to an attacker-controlled system, enabling the attacker to capture the NTLMv2 hash of the NIX service acc...
CVE-2025-35057 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /RemoteWeb/IntegrationServices.ashx
Newforma Info Exchange NIX '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account...