How severe is CVE-2019-14861?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2019-14861?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2019-14861 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.

Related Vulnerabilities

CVE-2017-1000089

MEDIUM

CVSS:5.3(Medium)

Builds in Jenkins are associated with an authentication that controls the permissions that the build has to interact with other elements in Jenkins. The Pipeline: Build Step Plugin did not check the b...

CWE-2762017

CVE-2018-12160

MEDIUM

CVSS:5.3(Medium)

DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory pe...

CWE-2762018

CVE-2019-18366

MEDIUM

CVSS:5.3(Medium)

In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View build runtime parameters and data" permission.

CWE-2762019

CVE-2019-18367

MEDIUM

CVSS:5.3(Medium)

In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user without the corresponding permissions.

CWE-2762019

CVE-2019-18369

MEDIUM

CVSS:5.3(Medium)

In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the corresponding permission was possible.

CWE-2762019

CVE-2019-19712

MEDIUM

CVSS:5.3(Medium)

Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them.

CWE-2762019