CVSS: 9.9EPSS: 22%CPEs: 42EXPL: 3CVE-2021-44142 – Samba fruit_pwrite Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44142
01 Feb 2022 — The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. El módulo vfs_fruit de S... • https://github.com/horizon3ai/CVE-2021-44142 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 43EXPL: 0CVE-2016-2124 – samba: SMB1 client connections can be downgraded to plaintext authentication
https://notcve.org/view.php?id=CVE-2016-2124
11 Nov 2021 — A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required. Se ha encontrado un fallo en la forma en que Samba implementa la autenticación SMB1. Un atacante podría usar este fallo para recuperar la contraseña en texto plano enviada a través del cable, incluso si es requerida la autenticación Kerberos Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client... • https://bugzilla.redhat.com/show_bug.cgi?id=2019660 • CWE-287: Improper Authentication •
CVSS: 8.5EPSS: 0%CPEs: 44EXPL: 0CVE-2020-25717 – samba: Active Directory (AD) domain user could become root on domain members
https://notcve.org/view.php?id=CVE-2020-25717
11 Nov 2021 — A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. Se encontró un fallo en la forma en que Samba mapea usuarios del dominio a usuarios locales. Un atacante autenticado podría usar este fallo para causar una posible escalada de privilegios Stefan Metzmacher discovered that Samba incorrectly handled SMB1 client connections. A remote attacker could possibly use this issue to downgrade connections to plaintext... • https://bugzilla.redhat.com/show_bug.cgi?id=2019672 • CWE-20: Improper Input Validation •
CVSS: 8.6EPSS: 3%CPEs: 7EXPL: 0CVE-2016-7797 – pacemaker: pacemaker remote nodes vulnerable to hijacking, resulting in a DoS attack
https://notcve.org/view.php?id=CVE-2016-7797
03 Nov 2016 — Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection. Pacemaker en versiones anteriores a 1.1.15, al usar el control remoto de marcapasos, podría permitir a atacantes remotos provocar una denegación de servicio (desconexión de nodo) a través de una conexión no autenticada. It was found that the connection between a pacemaker cluster and a pacemaker_remote node could be shut down using a new unau... • http://bugs.clusterlabs.org/show_bug.cgi?id=5269 • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1867 – pacemaker: acl read-only access allow role assignment
https://notcve.org/view.php?id=CVE-2015-1867
22 Jul 2015 — Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. Vulnerabilidad en Pacemaker en versiones anteriores a 1.1.13, no evalúa correctamente nodos añadidos, lo que permite a usuarios remotos de sólo lectura obtener privilegios a través de un comando de acl. A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170610.html • CWE-264: Permissions, Privileges, and Access Controls CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 1%CPEs: 9EXPL: 1CVE-2015-1848 – pcs: improper web session variable signing
https://notcve.org/view.php?id=CVE-2015-1848
13 May 2015 — The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag. El demonio pcs (pcsd) en PCS 0.9.137 y anteriores no establece el indicador de seguridad en una cookie de sesión https, lo cual hace más... • http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •