FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1edae47e-1cdd-11ea-8c2a-08002743b791samba -- multiple vulnerabilities

The Samba Team reports:

CVE-2019-14861:

An authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name.

CVE-2019-14870:

The DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC.


Discovery 2019-12-10
Entry 2019-12-12
samba48
ge 4.8.0

samba410
< 4.10.11

samba411
< 4.11.3

https://www.samba.org/samba/history/samba-4.10.11.html
CVE-2019-14861
CVE-2019-14870
3c7911c9-8a29-11ea-8d8c-005056a311d1samba -- multiple vulnerabilities

The Samba Team reports:

CVE-2020-10700

A client combining the 'ASQ' and 'Paged Results' LDAP controls can cause a use-after-free in Samba's AD DC LDAP server.

CVE-2020-10704

A deeply nested filter in an un-authenticated LDAP search can exhaust the LDAP server's stack memory causing a SIGSEGV.


Discovery 2020-04-29
Entry 2020-04-29
samba410
< 4.10.15

samba411
< 4.11.8

samba412
< 4.12.2

https://www.samba.org/samba/history/samba-4.12.2.html
CVE-2020-10700
CVE-2020-10704
5f0dd349-40a2-11ea-8d8c-005056a311d1samba -- multiple vulnerabilities

The Samba Team reports:

CVE-2019-14902

The implementation of ACL inheritance in the Samba AD DC was not complete, and so absent a 'full-sync' replication, ACLs could get out of sync between domain controllers.

CVE-2019-14907

When processing untrusted string input Samba can read past the end of the allocated buffer when printing a "Conversion error" message to the logs.

CVE-2019-19344

During DNS zone scavenging (of expired dynamic entries) there is a read of memory after it has been freed.


Discovery 2020-01-14
Entry 2020-01-27
samba410
< 4.10.12

samba411
< 4.11.4

https://www.samba.org/samba/history/samba-4.10.12.html
CVE-2019-14902
CVE-2019-14907
CVE-2019-19344
24ace516-fad7-11ea-8d8c-005056a311d1samba -- Unauthenticated domain takeover via netlogon

The Samba Team reports:

An unauthenticated attacker on the network can gain administrator access by exploiting a netlogon protocol flaw.


Discovery 2020-01-01
Entry 2020-09-20
samba410
< 4.10.18

samba411
< 4.11.13

samba412
< 4.12.7

https://www.samba.org/samba/security/CVE-2020-1472.html
CVE-2020-1472
50a1bbc9-fb80-11e9-9e70-005056a311d1samba -- multiple vulnerabilities

The samba project reports:

Malicious servers can cause Samba client code to return filenames containing path separators to calling code.

When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string.

Users with the "get changes" extended access right can crash the AD DC LDAP server by requesting an attribute using the range= syntax.


Discovery 2019-09-29
Entry 2019-10-29
samba48
le 4.8.12

samba410
< 4.10.10

samba411
< 4.11.2

https://www.samba.org/samba/security/CVE-2019-10218.html
CVE-2019-10218
https://www.samba.org/samba/security/CVE-2019-14833.html
CVE-2019-14833
https://www.samba.org/samba/security/CVE-2019-14847.html
CVE-2019-14847
145a3e17-cea2-11e9-81e2-005056a311d1samba -- combination of parameters and permissions can allow user to escape from the share path definition

The samba project reports:

On a Samba SMB server for all versions of Samba from 4.9.0 clients are able to escape outside the share root directory if certain configuration parameters set in the smb.conf file.


Discovery 2019-09-01
Entry 2019-09-03
samba410
< 4.10.8

CVE-2019-10197
https://www.samba.org/samba/security/CVE-2019-10197.html
ae599263-bca2-11ea-b78f-b42e99a1b9c3samba -- Multiple Vulnerabilities

The Samba Team reports:

Four vulnerabilities were fixed in samba:

  • CVE-2020-10730: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results
  • CVE-2020-10745: Parsing and packing of NBT and DNS packets can consume excessive CPU in the AD DC (only)
  • CVE-2020-10760: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV
  • CVE-2020-14303: Empty UDP packet DoS in Samba AD DC nbtd

Discovery 2020-07-02
Entry 2020-07-02
samba410
< 4.10.17

samba411
< 4.11.11

samba412
< 4.12.4

https://www.samba.org/samba/security/CVE-2020-10730.html
https://www.samba.org/samba/security/CVE-2020-10745.html
https://www.samba.org/samba/security/CVE-2020-10760.html
https://www.samba.org/samba/security/CVE-2020-14303.html
CVE-2020-10730
CVE-2020-10745
CVE-2020-10760
CVE-2020-14303
9ca85b7c-1b31-11eb-8762-005056a311d1samba -- Multiple Vulnerabilities

The Samba Team reports:

  • CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify
  • CVE-2020-14323: Unprivileged user can crash winbind
  • CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records

Discovery 2020-10-29
Entry 2020-10-30
samba410
le 4.10.18

samba411
< 4.11.15

samba412
< 4.12.9

samba413
< 4.13.1

https://www.samba.org/samba/security/CVE-2020-14318.html
https://www.samba.org/samba/security/CVE-2020-14323.html
https://www.samba.org/samba/security/CVE-2020-14383.html
CVE-2020-14318
CVE-2020-14323
CVE-2020-14383