137 matches found
CVE-2026-43377
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation When KSMBDDEBUGAUTH logging is enabled, generatesmb3signingkey and generatesmb3encryptionkey log the session, signing, encryption, and decryption key bytes. Remo...
Azure Linux 3.0 Security Update: samba (CVE-2017-12150)
The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2017-12150 advisory. - It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce SMB signin...
MiracleLinux 4 : samba-3.6.23-45.AXS4 (AXSA:2017-2303:05)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2303:05 advisory. A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file...
EUVD-2016-5006
Malware in sbrugna...
EUVD-2016-0918
Malware in sbrugna...
About Elevation of Privilege – Windows SMB Client (CVE-2025-33073) vulnerability
About Elevation of Privilege - Windows SMB Client CVE-2025-33073 vulnerability. A vulnerability from the June Microsoft Patch Tuesday allows an attacker to execute a malicious script, forcing the victim's host to connect to the attacker's SMB server and authenticate, resulting in gaining SYSTEM...
CLSA-2025-1747688581 kernel: Fix of 15 CVEs
media: uvcvideo: Fix double free in error path CVE-2024-57980 - vrf: use RCU protection in l3mdevl3out CVE-2025-21791 - geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 - ibmvnic: Don't reference skb after sending to VIOS CVE-2025-21855 - pfifotailenqueue: Drop new packet when...
OESA-2025-1446 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ntbhwswitchtec: Fix shift-out-of-bounds in switchtecntbmwsettrans There is a kernel API ntbmwcleartrans would pass 0 to both addr and size. This would make...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2reconnectserver CVE-2024-35870 In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount CVE-2024-49960 In the Linux kernel, the...
PT-2025-24857
Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description Improper access control in the Windows SMB Client, specifically within the mrxsmb.sys driver, allows an authorized or unauthenticated remote attacker to elevate privileges. The issu...
UBUNTU-CVE-2024-53179
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses-authkey.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifsmount dfsmountshare getsession...
RHEL 5 : samba (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - samba: symlink race permits opening files outside share directory CVE-2017-2619 - samba: Netlogon elevati...
CVE-2023-47574
An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. There is a Weak SMB configuration with signing disabled...
K53313971: Samba vulnerabilities CVE-2016-2110 and CVE-2016-2115
Security Advisory Description CVE-2016-2110 The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove...
K73835689: Samba vulnerability CVE-2017-12150
Security Advisory Description It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text...
New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain
A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System DFS: Namespace Management Protocol MS-DFSNM to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service...
Mageia: Security Advisory (MGASA-2018-0023)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: SMB vulnerabilities in IBM N Series Products
Summary Data ONTAP products implement the SMB protocol. Systems that implement the SMB protocol can be susceptible to one or more man-in-the-middle attacks which when exploited could potentially lead to information disclosure, privilege escalation, or a Denial of Service. Vulnerability Details...
openSUSE 15 Security Update : samba (openSUSE-SU-2021:3674-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3674-1 advisory. - An attacker can downgrade a negotiated SMB1 client connection and its capabitilities. Kerberos authentication is only possible with the...
DonPAPI - Dumping DPAPI Credz Remotely
Dumping revelant information on compromised targets without AV detection DPAPI dumping Lots of credentials are protected by DPAPI. We aim at locating those "secured" credentials, and retreive them using : User password Domaine DPAPI BackupKey Local machine DPAPI Key protecting TaskScheduled blob...