CVSS: 5.3 • EPSS: 2% • CPEs: 10 • EXPL: 0

20 Jul 2023 — A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. It was discovered that Samba incorrectly handled Winbind NTLM authentication responses. An attacker could possibly use this issue to cause Samba to crash, resulting in a d... • https://access.redhat.com/errata/RHSA-2023:6667 • CWE-201: Insertion of Sensitive Information Into Sent Data

CVSS: 5.9 • EPSS: 0% • CPEs: 6 • EXPL: 0

20 Jul 2023 — A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. It was discovered that Samba incorrectly handled W... • https://access.redhat.com/errata/RHSA-2023:4325 • CWE-347: Improper Verification of Cryptographic Signature • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel

CVSS: 5.9 • EPSS: 0% • CPEs: 7 • EXPL: 0

03 Apr 2023 — The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. Demi Marie Obenour discovered that the Samba LDAP server incorrectly handled certain confidential attribute values. A remote authenticated attacker could possibly use this iss... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBPYIA4VWNOD437NAHZ3NXKAETLFB5S • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 7.7 • EPSS: 0% • CPEs: 7 • EXPL: 0

03 Apr 2023 — The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 (Confidential attribute disclosure via LDAP filters) was insufficient, and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. Demi Marie Obenour discovered that ... • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBPYIA4VWNOD437NAHZ3NXKAETLFB5S • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-312: Cleartext Storage of Sensitive Information

CVSS: 4.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

03 Apr 2023 — A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. • https://security.gentoo.org/glsa/202309-06 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Jan 2023 — Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (e.g. aes256-cts-hmac-sha1-96). • https://security.gentoo.org/glsa/202309-06 • CWE-326: Inadequate Encryption Strength • CWE-328: Use of Weak Hash

CVSS: 5.9 • EPSS: 0% • CPEs: 3 • EXPL: 1

24 Jan 2023 — A flaw was found in Samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. USN-5822-1 fixed vulnerabilities in Samba. • https://bugzilla.redhat.com/show_bug.cgi?id=1929800 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 2

17 Jan 2023 — An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store. • http://www.openwall.com/lists/oss-security/2023/11/28/4 • CWE-862: Missing Authorization

CVSS: 6.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

12 Jan 2023 — A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem. • https://access.redhat.com/security/cve/CVE-2022-3592 • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-61: UNIX Symbolic Link (Symlink) Following

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

18 Dec 2022 — A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. • https://github.com/ppp-project/ppp/commit/a75fb7b198eed50d769c80c36629f38346882cbf • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer