Since Samba 4.0.0 Samba has implemented, in the AD DC, the "dirsync" LDAP control specified in MS-ADTS "22.214.171.124.4.1.3 LDAP_SERVER_DIRSYNC_OID". However, when combined with the ranged results feature specified in MS-ADTS "126.96.36.199.1.3.3 Range Retrieval of Attribute Values" a NULL pointer is can be de-referenced. This is a Denial of Service only, no further escalation of privilege is associated with this issue.
Since Samba Version 4.5.0 a Samba AD DC can use a custom command to verify the password complexity. The command can be specified with the "check password script" smb.conf parameter. This command is called when Samba handles a user password change or a new user password is set. The script receives the new cleartext password string in order to run custom password complexity checks like dictionary checks to avoid weak user passwords. When the password contains multi-byte (non-ASCII) characters, the check password script does not receive the full password string.
Samba client code (libsmbclient) returns server-supplied filenames to calling code without checking for pathname separators (such as "/" or"../") in the server returned names. A malicious server can craft a pathname containing separators and return this to client code, causing the client to use this access local pathnames for reading or writing instead of SMB network pathnames. This access is done using the local privileges of the client. This attack can be achieved using any of SMB1/2/3 as it is not reliant on any specific SMB protocol version.
In PHP in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.
The vulnerability give attackers the ability to load and execute malicious payloads within the context of Avira signed processes. This ability might be abused by an attacker for different purposes such as execution and evasion, for example: Application Whitelisting Bypass.
A DLL Preloading vulnerability allows an attacker to implant %WINDIR%\system32\wbemcomn.dll, which is loaded into a protected-light process (PPL) and might bypass some of the self-defense mechanisms. The vulnerability gives attackers the ability to load and execute malicious payloads using multiple signed services, within the context of AVG / Avast signed processes. This ability might be abused by an attacker for different purposes such as execution and evasion, for example: Application Whitelisting Bypass.
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning.