2 results (0.001 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the "Additional options" line edit. Smb4K versiones anteriores a 1.1.1, permite a atacantes remotos obtener credenciales por medio de vectores relacionados con la opción cuid en la edición de línea "Additional options". • http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133898.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html http://sourceforge.net/projects/smb4k/files/1.1.1 http://www.openwall.com/lists/oss-security/2014/03/24/1 http://www.openwall.com/lists/oss-security/2014/03/25/5 https://bugs.gentoo.org/505376 • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2

smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service. smb4k anterior a versión 2.0.1, permite a los usuarios locales conseguir privilegios root mediante la explotación del fallo de comprobación de argumentos en el servicio auxiliar de montaje DBUS. KDE versions 4 and 5 suffer from a KAuth privilege escalation vulnerability. • https://www.exploit-db.com/exploits/42053 http://www.debian.org/security/2017/dsa-3951 http://www.openwall.com/lists/oss-security/2017/05/10/3 http://www.securityfocus.com/bid/98690 http://www.securityfocus.com/bid/98737 https://bugzilla.redhat.com/show_bug.cgi?id=1449656 https://cgit.kde.org/smb4k.git/commit/?id=71554140bdaede27b95dbe4c9b5a028a83c83cce https://cgit.kde.org/smb4k.git/commit/?id=a90289b0962663bc1d247bbbd31b9e65b2ca000e https://security.gentoo.org/glsa/201705-14 https • CWE-20: Improper Input Validation •