CVE-2022-37967
- EPSS 4.49%
- Veröffentlicht 09.11.2022 22:15:14
- Zuletzt bearbeitet 02.01.2025 22:15:10
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-37966
- EPSS 2.77%
- Veröffentlicht 09.11.2022 22:15:13
- Zuletzt bearbeitet 02.01.2025 22:15:09
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
CVE-2022-32743
- EPSS 1.15%
- Veröffentlicht 01.09.2022 21:15:10
- Zuletzt bearbeitet 22.08.2025 10:31:41
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
CVE-2022-1615
- EPSS 0.41%
- Veröffentlicht 01.09.2022 21:15:08
- Zuletzt bearbeitet 22.08.2025 20:19:52
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
CVE-2022-0336
- EPSS 1.3%
- Veröffentlicht 29.08.2022 15:15:09
- Zuletzt bearbeitet 21.11.2024 06:38:24
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that...
CVE-2022-32742
- EPSS 0.99%
- Veröffentlicht 25.08.2022 18:15:10
- Zuletzt bearbeitet 21.11.2024 07:06:52
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied d...
CVE-2022-32744
- EPSS 0.96%
- Veröffentlicht 25.08.2022 18:15:10
- Zuletzt bearbeitet 21.11.2024 07:06:52
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.
CVE-2022-32745
- EPSS 0.9%
- Veröffentlicht 25.08.2022 18:15:10
- Zuletzt bearbeitet 21.11.2024 07:06:52
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.
CVE-2022-32746
- EPSS 1.06%
- Veröffentlicht 25.08.2022 18:15:10
- Zuletzt bearbeitet 21.11.2024 07:06:52
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privile...
CVE-2022-2031
- EPSS 0.97%
- Veröffentlicht 25.08.2022 18:15:09
- Zuletzt bearbeitet 21.11.2024 07:00:12
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit t...