Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-03-12 | CVE-2017-2619 | Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. | Debian_linux, Enterprise_linux, Samba | 7.5 | ||
| 2018-03-13 | CVE-2018-1057 | On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). | Ubuntu_linux, Debian_linux, Samba | 8.8 | ||
| 2018-04-19 | CVE-2018-2813 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality... | Ubuntu_linux, Debian_linux, Mariadb, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Storage_automation_store, Mysql, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openstack | 4.3 | ||
| 2018-07-18 | CVE-2018-3058 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity... | Ubuntu_linux, Debian_linux, Mariadb, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Storage_automation_store, Mysql, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 4.3 | ||
| 2018-07-18 | CVE-2018-3066 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized... | Ubuntu_linux, Debian_linux, Mariadb, Oncommand_insight, Oncommand_workflow_automation, Snapcenter, Storage_automation_store, Mysql, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation | 3.3 | ||
| 2018-07-26 | CVE-2017-12150 | It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. | Debian_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Gluster_storage, Samba | 7.4 | ||
| 2018-11-28 | CVE-2018-16841 | Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(),... | Ubuntu_linux, Debian_linux, Samba | 6.5 | ||
| 2018-11-28 | CVE-2018-16851 | Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service. | Ubuntu_linux, Debian_linux, Samba | 6.5 | ||
| 2018-12-07 | CVE-2018-19935 | ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. | Debian_linux, Php | 7.5 | ||
| 2009-06-25 | CVE-2009-1888 | The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory. | Ubuntu_linux, Debian_linux, Samba | N/A |