CVSS: 5.9EPSS: 67%CPEs: 79EXPL: 3CVE-2023-48795 – ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
https://notcve.org/view.php?id=CVE-2023-48795
18 Dec 2023 — The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phas... • https://packetstorm.news/files/id/176280 • CWE-222: Truncation of Security-relevant Information CWE-354: Improper Validation of Integrity Check Value •
CVSS: 10.0EPSS: 7%CPEs: 7EXPL: 1CVE-2023-3961 – Samba: smbd allows client access to unix domain sockets on the file system as root
https://notcve.org/view.php?id=CVE-2023-3961
12 Oct 2023 — A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connect... • https://access.redhat.com/errata/RHSA-2023:6209 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 4%CPEs: 11EXPL: 0CVE-2023-42669 – Samba: "rpcecho" development server allows denial of service via sleep() call on ad dc
https://notcve.org/view.php?id=CVE-2023-42669
11 Oct 2023 — A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function u... • https://access.redhat.com/errata/RHSA-2023:6209 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.8EPSS: 1%CPEs: 7EXPL: 0CVE-2023-4091 – Samba: smb clients can truncate files with read-only permissions
https://notcve.org/view.php?id=CVE-2023-4091
11 Oct 2023 — A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions che... • https://access.redhat.com/errata/RHSA-2023:6209 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 94%CPEs: 444EXPL: 17CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2023-3347 – Samba: smb2 packet signing is not enforced when "server signing = required" is set
https://notcve.org/view.php?id=CVE-2023-3347
20 Jul 2023 — A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data. It was discovered that Samba incorrectly handled W... • https://access.redhat.com/errata/RHSA-2023:4325 • CWE-347: Improper Verification of Cryptographic Signature CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 5.3EPSS: 4%CPEs: 10EXPL: 0CVE-2023-34968 – Samba: spotlight server-side share path disclosure
https://notcve.org/view.php?id=CVE-2023-34968
20 Jul 2023 — A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path. It was discovered that Samba incorrectly handled Winbind NTLM authentication responses. An attacker could possibly use this issue to cause Samba to crash, resulting in a d... • https://access.redhat.com/errata/RHSA-2023:6667 • CWE-201: Insertion of Sensitive Information Into Sent Data •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-3854 – Ubuntu Security Notice USN-6063-1
https://notcve.org/view.php?id=CVE-2022-3854
06 Mar 2023 — A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. Mark Kirkwood discovered that Ceph incorrectly handled certain key lengths. An attacker could possibly use this issue to create non-random encryption keys. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. • https://bugzilla.redhat.com/show_bug.cgi?id=2139925 • CWE-177: Improper Handling of URL Encoding (Hex Encoding) •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 1CVE-2022-2447
https://notcve.org/view.php?id=CVE-2022-2447
01 Sep 2022 — A flaw was found in Keystone. There is a time lag (up to one hour in a default configuration) between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected. Se ha encontrado un fallo en Keystone. Hay un desfase (de hasta una hora en una configuración por defecto) entre el momento en que la política de seguridad dice que un token debe ser revocado y el momento en que realmente lo es. • https://access.redhat.com/security/cve/CVE-2022-2447 • CWE-324: Use of a Key Past its Expiration Date CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0CVE-2021-3670 – Gentoo Linux Security Advisory 202309-06
https://notcve.org/view.php?id=CVE-2021-3670
01 Aug 2022 — MaxQueryDuration not honoured in Samba AD DC LDAP MaxQueryDuration no es cumplido en Samba AD DC LDAP It was discovered that Samba did not handle MaxQueryDuration when being used in AD DC configurations, contrary to expectations. This issue only affected Ubuntu 20.04 LTS. Luke Howard discovered that Samba incorrectly handled certain restrictions associated with changing passwords. A remote attacker being requested to change passwords could possibly use this issue to escalate privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=2077533 • CWE-400: Uncontrolled Resource Consumption •