Since Samba 4.0.0 Samba has implemented, in the AD DC, the "dirsync" LDAP control specified in MS-ADTS "188.8.131.52.4.1.3 LDAP_SERVER_DIRSYNC_OID". However, when combined with the ranged results feature specified in MS-ADTS "184.108.40.206.1.3.3 Range Retrieval of Attribute Values" a NULL pointer is can be de-referenced. This is a Denial of Service only, no further escalation of privilege is associated with this issue.
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning.