
CVE-2018-1050 – samba: NULL pointer dereference in printer server process
https://notcve.org/view.php?id=CVE-2018-1050
13 Mar 2018 — All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. • http://www.securityfocus.com/bid/103387 • CWE-476: NULL Pointer Dereference •

CVE-2017-14746 – samba: Use-after-free in processing SMB1 requests
https://notcve.org/view.php?id=CVE-2017-14746
21 Nov 2017 — Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash... • http://www.securityfocus.com/bid/101907 • CWE-416: Use After Free •

CVE-2017-15275 – samba: Server heap-memory disclosure
https://notcve.org/view.php?id=CVE-2017-15275
21 Nov 2017 — Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-c... • http://www.securityfocus.com/bid/101908 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-12150 – samba: Some code paths don't enforce SMB signing when they should
https://notcve.org/view.php?id=CVE-2017-12150
21 Sep 2017 — It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain text. • http://www.securityfocus.com/bid/100918 • CWE-300: Channel Accessible by Non-Endpoint •

CVE-2017-12163 – Samba: Server memory information leak over SMB1
https://notcve.org/view.php?id=CVE-2017-12163
21 Sep 2017 — An information leak flaw was found in the way the SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. • http://www.securityfocus.com/bid/100925 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2017-12151 – samba: SMB2 connections don't keep encryption across DFS redirects
https://notcve.org/view.php?id=CVE-2017-12151
21 Sep 2017 — A flaw was found in the way the samba client before 4.4.16, 4.5.x before 4.5.14 and 4.6.x before 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encryption on any DFS redirect, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack. • http://www.securityfocus.com/bid/100917 • CWE-300: Channel Accessible by Non-Endpoint CWE-310: Cryptographic Issues •

CVE-2017-11103 – Apple Security Advisory 2017-10-31-2
https://notcve.org/view.php?id=CVE-2017-11103
13 Jul 2017 — Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimd... • http://www.debian.org/security/2017/dsa-3912 • CWE-345: Insufficient Verification of Data Authenticity •

CVE-2017-9461 – samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks
https://notcve.org/view.php?id=CVE-2017-9461
06 Jun 2017 — smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. A flaw was found in the way Sa... • http://www.securityfocus.com/bid/99455 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVE-2017-7494 – Samba Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-7494
24 May 2017 — Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it. • https://packetstorm.news/files/id/142710 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
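For a defender, the CVE-2017-12150 entry (signing not enforced under certain configuration options) and the CVE-2017-7494 entry above (library loaded from a writable share) both come down to two checks: is the running smbd inside the quoted vulnerable range, and does smb.conf carry the configuration-level hardening. The Python below is an added example, not code from notcve.org or from the Samba project. The fixed versions are taken verbatim from the two entries; the version check is branch-aware, because "before 4.6.4, 4.5.10 and 4.4.14" means each maintenance branch got its own fix release. Two things are assumptions rather than page content: that `nt pipe support = no` in [global] is the workaround Samba's advisory gave for CVE-2017-7494, and that `server signing = mandatory` forces server-side signing (the signing check is this example's own sanity check; the page does not say which configuration options trigger CVE-2017-12150). The two smb.conf texts are constructed.

```python
# Added example for the CVE-2017-12150 and CVE-2017-7494 entries; not code from
# notcve.org or the Samba project. Assumptions: "nt pipe support = no" is the
# workaround Samba's advisory gave for CVE-2017-7494; "server signing = mandatory"
# forces server-side signing and is this example's own check, not a workaround the
# page attributes to CVE-2017-12150. The sample smb.conf texts are constructed.
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed versions exactly as quoted in the two page entries: (fixed_in, introduced).
FIXED: Dict[str, Tuple[List[str], Optional[str]]] = {
    "CVE-2017-7494": (["4.6.4", "4.5.10", "4.4.14"], "3.5.0"),
    "CVE-2017-12150": (["4.6.8", "4.5.14", "4.4.16"], None),
}

def parse_version(s: str) -> Version:
    """Turn '4.5.9' or 'Version 4.5.9-Ubuntu' (smbd --version) into (4, 5, 9)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", s)
    if not m:
        raise ValueError(f"unrecognised Samba version string: {s!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)

def is_vulnerable(version: str, fixed_in: List[str], introduced: Optional[str] = None) -> bool:
    """A release on a branch (major.minor) that has a fix is vulnerable iff it is
    older than that fix; a release on a branch older than every fixed branch never
    got a fix and is vulnerable; a release on a newer branch postdates the fix and
    is not. 'introduced' bounds the range from below."""
    v = parse_version(version)
    if introduced is not None and v < parse_version(introduced):
        return False
    fixes = sorted(parse_version(f) for f in fixed_in)
    for fix in fixes:
        if v[:2] == fix[:2]:
            return v < fix
    return v[:2] < fixes[0][:2]

def parse_smb_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal smb.conf reader: [section] headers, 'name = value' lines, '#'/';'
    comments. Names are normalised the way Samba matches them: case-insensitive
    and whitespace-insensitive ('Server Signing' == 'serversigning')."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            name, _, value = line.partition("=")
            sections[current][re.sub(r"\s+", "", name).lower()] = value.strip()
    return sections

def config_mitigations(conf_text: str) -> Dict[str, bool]:
    """True where [global] carries the hardening parameter for that CVE."""
    g = parse_smb_conf(conf_text).get("global", {})
    pipes_off = g.get("ntpipesupport", "yes").lower() in ("no", "false", "0")
    signing_forced = g.get("serversigning", "default").lower() in ("mandatory", "required")
    return {"CVE-2017-7494": pipes_off, "CVE-2017-12150": signing_forced}

def assess(version: str, conf_text: str) -> Dict[str, str]:
    """Per-CVE verdict: 'fixed', 'vulnerable' or 'vulnerable, config-mitigated'.
    A config mitigation never upgrades a verdict to 'fixed'; only the version does."""
    mitigated = config_mitigations(conf_text)
    verdicts: Dict[str, str] = {}
    for cve, (fixed_in, introduced) in FIXED.items():
        if not is_vulnerable(version, fixed_in, introduced):
            verdicts[cve] = "fixed"
        elif mitigated[cve]:
            verdicts[cve] = "vulnerable, config-mitigated"
        else:
            verdicts[cve] = "vulnerable"
    return verdicts

# Constructed sample smb.conf texts (not from any real deployment).
WEAK_CONF = """
[global]
   workgroup = WORKGROUP
   server signing = auto
[public]
   path = /srv/public
   writable = yes
"""

HARDENED_CONF = """
[global]
   workgroup = WORKGROUP
   nt pipe support = no
   Server Signing = mandatory
[public]
   path = /srv/public
   writable = no
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"4.5.9, {label}:", assess("4.5.9", conf))
    print("4.6.8, weak:", assess("Version 4.6.8", WEAK_CONF))
```

The verdict deliberately keeps "vulnerable, config-mitigated" distinct from "fixed": disabling named pipes removes the code path CVE-2017-7494 abuses but also breaks Windows clients that rely on IPC$ pipes, so it is a stopgap until smbd is moved onto one of the fixed releases, not a substitute for the upgrade.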

CVE-2017-2619 – Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
https://notcve.org/view.php?id=CVE-2017-2619
23 Mar 2017 — Samba before versions 4.6.1, 4.5.7 and 4.4.11 is vulnerable to a malicious client using a symlink race to gain access to areas of the server file system not exported under the share definition. A race condition was found in samba server. A malicious samba client coul... • https://packetstorm.news/files/id/141824 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •