Security
Headlines
HeadlinesLatestCVEs

Tag

#samba

CVE-2022-47941: ksmbd: fix memory leak in smb2_handle_negotiate · torvalds/linux@aa7253c

An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c omits a kfree call in certain smb2_handle_negotiate error conditions, aka a memory leak.

CVE
Open in Source
#microsoft#linux#samba#auth
CVE-2022-47939: ksmbd: fix use-after-free bug in smb2_tree_disconect · torvalds/linux@cf6531d

An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu.c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.

CVE-2022-47938

An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2misc.c has an out-of-bounds read and OOPS for SMB2_TREE_CONNNECT.

CVE-2022-4662: [PATCH 5.4 053/108] USB: core: Prevent nested device-reset calls

A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.

CVE-2022-40434: Build website, web app & portals on Airtable without code | Softr

Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.

Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022. Samba is an open source Windows

Microsoft Reclassifies SPNEGO Extended Negotiation Security Vulnerability as 'Critical'

Microsoft has revised the severity of a security vulnerability it originally patched in September 2022, upgrading it to "Critical" after it emerged that it could be exploited to achieve remote code execution. Tracked as CVE-2022-37958 (CVSS score: 8.1), the flaw was previously described as an information disclosure vulnerability in SPNEGO Extended Negotiation (NEGOEX) Security Mechanism. SPNEGO,

Is an outsourced SOC worth it? Looking at the ROI of MDR

Categories: Business How much can you really save leveraging an outsourced SOC versus building your own in-house? How much ROI can MDR provide over the long-term? In this post, we’ll answer each of these questions and more. (Read more...) The post Is an outsourced SOC worth it? Looking at the ROI of MDR appeared first on Malwarebytes Labs.

Hackers Score Nearly $1M at Device-Focused Pwn2Own Contest

Offensive security researchers found 63 previously unreported vulnerabilities in printers, phones, and network-attached storage devices in the Zero Day Initiative's latest hackathon.

Silence is golden partner for Truebot and Clop ransomware

Categories: News Categories: Ransomware Tags: Silence Tags: TA505 Tags: Clop ransomware Tags: Truebot Tags: Grace Tags: Cobalt Strike Tags: Teleport Tags: FIN11 Researchers have identified two new Truebot botnets that are using new versions of the Truebot downloader Trojan to infiltrate and explore a target's network. (Read more...) The post Silence is golden partner for Truebot and Clop ransomware appeared first on Malwarebytes Labs.