Lucene search
+L
SambaCifs-utils

4 matches found

CVE
CVE
added 2021/04/19 9:12 p.m.272 views

CVE-2021-20208

CVE-2021-20208 affects the cifs-utils package prior to 6.13. When mounting a Kerberos-authenticated CIFS file system from inside a container, a user can reuse the host’s Kerberos credentials, risking data confidentiality and integrity. Affected: cifs-utils (versions

6.1CVSS6.1AI score0.00642EPSS
CVE
CVE
added 2020/09/09 11:13 a.m.265 views

CVE-2020-14342

CVE-2020-14342 affects cifs-utils’ mount.cifs, which can invoke a shell when requesting the Samba password. This enables local attackers with sufficient permissions (for example via sudo rule configurations) to inject commands and escalate privileges. Public advisories confirm a shell-injection f...

7CVSS6.9AI score0.00652EPSS
CVE
CVE
added 2022/04/27 12:0 a.m.186 views

CVE-2022-27239

CVE-2022-27239 affects cifs-utils up to version 6.14, due to a stack-based buffer overflow when parsing the mount.cifs ip= argument, enabling local attackers to gain root privileges. A patched version is available (e.g., cifs-utils 6.14-2 and later per advisories). Remediation is to update to a f...

7.8CVSS7.7AI score0.00562EPSS
CVE
CVE
added 2022/04/28 12:0 a.m.132 views

CVE-2022-29869

CVE-2022-29869 affects the cifs-utils package. The issue is an information leak that occurs when verbose logging dumps lines containing = signs from a credentials file that is not a valid credentials file, potentially exposing sensitive data. Affected versions include cifs-utils up to 6.14; sever...

5.3CVSS6AI score0.01866EPSS