samba vulnerabilities and exploits

5
CVSSv2
CVE-2018-20336

An issue was discovered in ASUSWRT 3.0.0.4.384.20308. There is a stack-based buffer overflow issue in parse_req_queries function in wanduck.c via a long string over UDP, which may lead to an information leak....

AsusAsuswrt-merlin
6.4
CVSSv2
CVE-2019-10197

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared directory and access the...

4.8
CVSSv2
CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt...

AppleIphone OsMac Os XTvosWatchosGoogleAndroid
5.5
CVSSv2
CVE-2018-16838

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access....

2.7
CVSSv2
CVE-2019-3811

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access...

6.8
CVSSv2
CVE-2014-8184

A vulnerability was found in liblouis, versions 2.5.x before 2.5.4. A stack-based buffer overflow was found in findTable() in liblouis. An attacker could create a malicious file that would cause applications that use liblouis (such as Orca) to crash, or potentially execute...

1.9
CVSSv2
CVE-2009-1215

Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file....

GnuGnu Screen
NA
CVE-2019-8699

Apple iOS could allow a remote attacker to bypass security restrictions, caused by a logic issue in the Telephony component. An attacker could exploit this vulnerability to cause the recipient to answer a simultaneous Walkie-Talkie connection....

NA
CVE-2019-8682

Apple watchOS could allow a remote attacker to bypass security restrictions, caused by an error in the Wallet component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to complete an in-app purchase while on the lock screen....

NA
CVE-2019-8665

Apple watchOS is vulnerable to a denial of service, caused by an error in the Messages component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to cause the application to terminate....