Skip to main content

Samba

114 CVEs product

Monthly

CVE-2026-2340 MEDIUM PATCH This Month

WORM protection bypass in Samba's vfs_worm VFS module allows authenticated share users to defeat data retention controls by renaming a newly created file over an existing WORM-protected file. Affected users are those operating Samba deployments that have explicitly enabled the vfs_worm module for write-once, read-many data protection - such as compliance, archival, or audit log shares. An attacker with low-privilege write access can silently overwrite files that should be immutable post-grace-period, with high integrity impact (CVSS I:H). No public exploit or CISA KEV listing is identified at time of analysis.

Information Disclosure Openshift Container Platform Samba Enterprise Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1933 MEDIUM PATCH This Month

Access control bypass in Samba allows authenticated SMB users who hold write permissions on the underlying filesystem to create or delete NTFS-style reparse point metadata on shares configured with 'read only = yes', defeating the read-only intent of the export. Because the necessary access checks are missing at the SMB layer, an attacker can change how files behave when accessed over SMB - for example, converting a regular file into a symbolic link or another reparse-point type - yielding an integrity and availability impact (CVSS 7.1). There is no public exploit identified at time of analysis, and CISA's SSVC framework rates exploitation as 'none', non-automatable, with partial technical impact.

Authentication Bypass Openshift Container Platform Samba Enterprise Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3012 MEDIUM PATCH This Month

Trust-store poisoning in Samba's certificate auto-enrollment lets an adjacent-network attacker install an attacker-controlled CA certificate when auto-enrollment is enabled. Because Samba retrieves the CA certificate over plaintext HTTP and adds it to the local trust store without verifying authenticity, a man-in-the-middle can have a rogue CA trusted system-wide, enabling interception or spoofing of otherwise trusted TLS communications. The issue carries CVSS 8.0 with high confidentiality and integrity impact and a changed scope; EPSS is 0.00% and no public exploit identified at time of analysis.

Information Disclosure Openshift Container Platform Samba Enterprise Linux
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-0620 MEDIUM PATCH This Month

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

Information Disclosure Path Traversal Samba
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2023-4154 MEDIUM PATCH This Month

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Samba
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-42669 MEDIUM This Month

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Samba Storage Enterprise Linux +5
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-3961 CRITICAL POC Act Now

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Samba Storage Enterprise Linux +2
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-4091 MEDIUM This Month

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samba Fedora Storage Enterprise Linux +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-42670 MEDIUM This Month

A flaw was found in Samba. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-5568 MEDIUM This Month

A heap-based Buffer Overflow flaw was discovered in Samba. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Samba
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-3347 MEDIUM This Month

A vulnerability was found in Samba's SMB2 packet signing mechanism. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Samba Storage Enterprise Linux +1
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-34968 MEDIUM This Month

A path disclosure vulnerability was found in Samba. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samba Fedora Storage Enterprise Linux +1
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-34967 MEDIUM This Month

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Samba Fedora Enterprise Linux +1
NVD
CVSS 3.1
5.3
EPSS
62.6%
CVE-2023-34966 HIGH This Week

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora Enterprise Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
62.0%
CVE-2023-0922 MEDIUM This Month

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-0614 MEDIUM This Month

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-0225 MEDIUM This Month

A flaw was found in Samba. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-42898 HIGH POC PATCH This Week

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow RCE Denial Of Service Buffer Overflow Kerberos 5 +2
NVD GitHub
CVSS 3.1
8.8
EPSS
6.4%
CVE-2022-44640 CRITICAL Act Now

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Heimdal Samba
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2022-38023 HIGH PATCH This Week

Netlogon RPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 +5
NVD
CVSS 3.1
8.1
EPSS
2.4%
CVE-2022-37967 HIGH PATCH This Week

Windows Kerberos Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +6
NVD
CVSS 3.1
7.2
EPSS
4.5%
CVE-2022-37966 HIGH PATCH This Week

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +6
NVD
CVSS 3.1
8.1
EPSS
2.8%
CVE-2022-32743 HIGH POC This Week

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Samba Fedora
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-1615 MEDIUM POC PATCH This Month

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Samba Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-0336 HIGH PATCH This Week

The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Samba Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2022-32746 MEDIUM PATCH This Month

A flaw was found in the Samba AD LDAP server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free Samba
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2022-32745 HIGH PATCH This Week

A flaw was found in Samba. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Samba
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2022-32744 HIGH PATCH This Week

A flaw was found in Samba. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Samba
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-32742 MEDIUM This Month

A flaw was found in Samba. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2022-2031 HIGH This Week

A flaw was found in Samba. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2021-3671 MEDIUM PATCH This Month

A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Samba Debian Linux Management Services For Element Software +2
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2021-20277 HIGH This Week

A flaw was found in Samba's libldb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samba Debian Linux Fedora
NVD
CVSS 3.1
7.5
EPSS
4.3%
CVE-2021-20254 MEDIUM This Month

A flaw was found in samba. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure Samba Fedora +2
NVD
CVSS 3.1
6.8
EPSS
1.6%
CVE-2020-14318 MEDIUM PATCH This Month

A flaw was found in the way samba handled file and directory permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Samba Storage Enterprise Linux
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2020-14383 MEDIUM PATCH This Month

A flaw was found in samba's DNS server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Samba Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2020-17049 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Windows Server 2012 Windows Server 2016 Windows Server 2019 Samba
NVD
CVSS 3.1
6.6
EPSS
13.8%
CVE-2020-14323 MEDIUM This Month

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Samba Leap Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2020-10745 HIGH This Week

A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora Leap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2020-10730 MEDIUM This Month

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Red Hat Samba +4
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2020-10760 MEDIUM This Month

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Samba Ubuntu Linux +2
NVD
CVSS 3.1
6.5
EPSS
2.7%
CVE-2020-14303 HIGH This Week

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora Leap Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-10704 HIGH This Week

A flaw was found when using samba as an Active Directory Domain Controller. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora Leap Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2020-10700 MEDIUM This Month

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Samba Fedora +1
NVD
CVSS 3.1
5.3
EPSS
2.0%
CVE-2019-14870 MEDIUM This Month

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Samba Fedora Ubuntu Linux Debian Linux +1
NVD
CVSS 3.1
5.4
EPSS
2.8%
CVE-2019-14861 MEDIUM This Month

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba Fedora Ubuntu Linux Leap +1
NVD
CVSS 3.1
5.3
EPSS
2.3%
CVE-2019-14847 MEDIUM POC This Month

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Privilege Escalation Denial Of Service Samba Fedora +1
NVD
CVSS 3.1
4.9
EPSS
2.4%
CVE-2019-14833 MEDIUM PATCH This Month

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Samba Fedora Leap
NVD
CVSS 3.1
5.4
EPSS
2.1%
CVE-2019-10218 MEDIUM This Month

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Samba Fedora
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2019-10197 CRITICAL Act Now

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Samba Ubuntu Linux Debian Linux
NVD
CVSS 3.0
9.1
EPSS
3.2%
CVE-2019-12436 MEDIUM This Month

Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Samba Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2019-12435 MEDIUM This Month

Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Samba
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2019-3880 MEDIUM PATCH This Month

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Samba Debian Linux Gluster Storage +3
NVD
CVSS 3.1
5.4
EPSS
3.4%
CVE-2019-3870 MEDIUM POC PATCH This Month

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Samba Fedora Directory Server Router Manager +3
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2019-3824 MEDIUM PATCH This Month

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure Samba Ubuntu Linux +1
NVD
CVSS 3.0
6.5
EPSS
2.8%
CVE-2018-16857 MEDIUM PATCH This Month

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Samba
NVD
CVSS 3.0
5.9
EPSS
2.3%
CVE-2018-16853 MEDIUM This Month

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Samba
NVD
CVSS 3.0
5.9
EPSS
3.1%
CVE-2018-16852 MEDIUM PATCH This Month

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Samba
NVD
CVSS 3.0
4.4
EPSS
2.2%
CVE-2018-16851 MEDIUM PATCH This Month

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Samba Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2018-16841 MEDIUM PATCH This Month

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Samba Ubuntu Linux +1
NVD
CVSS 3.1
6.5
EPSS
4.6%
CVE-2018-14629 MEDIUM POC PATCH This Month

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Samba Ubuntu Linux Debian Linux
NVD
CVSS 3.0
6.5
EPSS
5.2%
CVE-2018-10919 MEDIUM PATCH This Month

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ubuntu Linux Debian Linux Samba
NVD
CVSS 3.0
6.5
EPSS
2.2%
CVE-2018-10918 MEDIUM PATCH This Month

A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Ubuntu Linux Samba
NVD
CVSS 3.0
6.5
EPSS
2.5%
CVE-2018-10858 HIGH This Week

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Debian Linux Ubuntu Linux Samba +5
NVD
CVSS 3.0
8.8
EPSS
4.3%
CVE-2018-1140 MEDIUM PATCH This Month

A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Samba
NVD
CVSS 3.0
6.5
EPSS
10.8%
CVE-2018-1139 HIGH This Week

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Samba Ubuntu Linux Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.1
8.1
EPSS
3.1%
CVE-2018-1057 HIGH This Week

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ubuntu Linux Debian Linux Samba
NVD
CVSS 3.1
8.8
EPSS
10.3%
CVE-2018-1050 MEDIUM This Month

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Ubuntu Linux Samba Debian Linux +3
NVD
CVSS 3.1
4.3
EPSS
6.7%
CVE-2017-15275 HIGH Act Now

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.3% and no vendor patch available.

Buffer Overflow Samba Ubuntu Linux Debian Linux Enterprise Linux Desktop +2
NVD
CVSS 3.1
7.5
EPSS
43.3%
CVE-2017-14746 CRITICAL Emergency

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.3% and no vendor patch available.

Memory Corruption Use After Free RCE Samba Ubuntu Linux +4
NVD
CVSS 3.1
9.8
EPSS
31.3%
CVE-2017-11103 HIGH This Week

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Heimdal Freebsd Samba Iphone Os +2
NVD GitHub
CVSS 3.1
8.1
EPSS
5.3%
CVE-2017-9461 MEDIUM POC This Month

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Samba Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Aus +4
NVD
CVSS 3.0
6.5
EPSS
3.4%
CVE-2016-2126 MEDIUM This Month

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samba
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2016-2119 HIGH This Week

libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Samba
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2016-2115 MEDIUM PATCH This Month

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.7%.

Information Disclosure Ubuntu Linux Samba
NVD
CVSS 3.0
5.9
EPSS
22.7%
CVE-2016-2114 MEDIUM PATCH This Month

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Samba Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
5.9%
CVE-2016-2113 HIGH PATCH This Week

Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Samba Ubuntu Linux
NVD
CVSS 3.0
7.4
EPSS
4.2%
CVE-2016-2112 MEDIUM PATCH This Month

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.6%.

Information Disclosure Samba Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
16.6%
CVE-2016-2111 MEDIUM PATCH This Month

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required.

Information Disclosure Samba Ubuntu Linux
NVD
CVSS 3.0
6.3
EPSS
2.8%
CVE-2016-2110 MEDIUM PATCH This Month

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.7%.

Information Disclosure Samba Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
17.7%
CVE-2015-5370 MEDIUM PATCH This Month

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.1%.

RCE Denial Of Service Samba Ubuntu Linux
NVD
CVSS 3.0
5.9
EPSS
21.1%
CVE-2016-2118 HIGH POC THREAT Act Now

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.5%.

Information Disclosure Samba Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
78.5%
Threat
5.4
CVE-2016-0771 MEDIUM This Month

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Samba
NVD
CVSS 3.0
5.9
EPSS
5.7%
CVE-2015-7560 MEDIUM This Month

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Samba Ubuntu Linux Debian Linux
NVD
CVSS 3.1
6.5
EPSS
4.0%
CVE-2015-8467 HIGH This Week

The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Samba Debian Linux Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2015-7540 HIGH Act Now

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.3% and no vendor patch available.

Denial Of Service Samba Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
43.3%
CVE-2015-5330 HIGH This Week

ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2015-5299 MEDIUM This Month

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samba Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.3
EPSS
9.1%
CVE-2015-5296 MEDIUM This Month

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Samba Debian Linux Ubuntu Linux
NVD
CVSS 3.1
5.4
EPSS
3.7%
CVE-2015-5252 HIGH POC THREAT Act Now

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.3%.

Privilege Escalation Samba Ubuntu Linux Debian Linux
NVD
CVSS 3.1
7.2
EPSS
17.3%
CVE-2015-3223 MEDIUM This Month

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.3% and no vendor patch available.

Denial Of Service Samba
NVD
CVSS 3.0
5.3
EPSS
20.3%
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

WORM protection bypass in Samba's vfs_worm VFS module allows authenticated share users to defeat data retention controls by renaming a newly created file over an existing WORM-protected file. Affected users are those operating Samba deployments that have explicitly enabled the vfs_worm module for write-once, read-many data protection - such as compliance, archival, or audit log shares. An attacker with low-privilege write access can silently overwrite files that should be immutable post-grace-period, with high integrity impact (CVSS I:H). No public exploit or CISA KEV listing is identified at time of analysis.

Information Disclosure Openshift Container Platform Samba +1
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Access control bypass in Samba allows authenticated SMB users who hold write permissions on the underlying filesystem to create or delete NTFS-style reparse point metadata on shares configured with 'read only = yes', defeating the read-only intent of the export. Because the necessary access checks are missing at the SMB layer, an attacker can change how files behave when accessed over SMB - for example, converting a regular file into a symbolic link or another reparse-point type - yielding an integrity and availability impact (CVSS 7.1). There is no public exploit identified at time of analysis, and CISA's SSVC framework rates exploitation as 'none', non-automatable, with partial technical impact.

Authentication Bypass Openshift Container Platform Samba +1
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Trust-store poisoning in Samba's certificate auto-enrollment lets an adjacent-network attacker install an attacker-controlled CA certificate when auto-enrollment is enabled. Because Samba retrieves the CA certificate over plaintext HTTP and adds it to the local trust store without verifying authenticity, a man-in-the-middle can have a rogue CA trusted system-wide, enabling interception or spoofing of otherwise trusted TLS communications. The issue carries CVSS 8.0 with high confidentiality and integrity impact and a changed scope; EPSS is 0.00% and no public exploit identified at time of analysis.

Information Disclosure Openshift Container Platform Samba +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

Information Disclosure Path Traversal Samba
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Samba
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Samba +7
NVD
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Samba +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samba Fedora +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

A flaw was found in Samba. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A heap-based Buffer Overflow flaw was discovered in Samba. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

A vulnerability was found in Samba's SMB2 packet signing mechanism. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Samba +3
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A path disclosure vulnerability was found in Samba. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samba Fedora +3
NVD
EPSS 63% CVSS 5.3
MEDIUM This Month

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Samba +3
NVD
EPSS 62% CVSS 7.5
HIGH This Week

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Samba
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A flaw was found in Samba. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
EPSS 6% CVSS 8.8
HIGH POC PATCH This Week

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow RCE Denial Of Service +4
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Heimdal Samba
NVD GitHub
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Netlogon RPC Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Windows Server 2008 Windows Server 2012 +7
NVD
EPSS 4% CVSS 7.2
HIGH PATCH This Week

Windows Kerberos Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Windows Server 2008 +8
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows Server 2008 +8
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Samba Fedora
NVD
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Samba Fedora
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Samba Fedora
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

A flaw was found in the Samba AD LDAP server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Information Disclosure Use After Free +1
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

A flaw was found in Samba. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Samba
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A flaw was found in Samba. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Samba
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A flaw was found in Samba. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A flaw was found in Samba. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Samba +4
NVD GitHub
EPSS 4% CVSS 7.5
HIGH This Week

A flaw was found in Samba's libldb. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samba +2
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

A flaw was found in samba. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +4
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

A flaw was found in the way samba handled file and directory permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Samba Storage +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in samba's DNS server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Samba Enterprise Linux
NVD
EPSS 14% CVSS 6.6
MEDIUM PATCH This Month

A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Windows Server 2012 Windows Server 2016 +2
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Samba Leap +2
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora +2
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +6
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 7.5
HIGH This Week

A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora +3
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A flaw was found when using samba as an Active Directory Domain Controller. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora +2
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Denial Of Service Memory Corruption +3
NVD
EPSS 3% CVSS 5.4
MEDIUM This Month

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Samba Fedora +3
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba Fedora +3
NVD
EPSS 2% CVSS 4.9
MEDIUM POC This Month

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Privilege Escalation Denial Of Service +3
NVD
EPSS 2% CVSS 5.4
MEDIUM PATCH This Month

A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Samba Fedora +1
NVD
EPSS 4% CVSS 6.5
MEDIUM This Month

A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Samba Fedora
NVD
EPSS 3% CVSS 9.1
CRITICAL Act Now

A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Samba Ubuntu Linux +1
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Samba +1
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Samba
NVD
EPSS 3% CVSS 5.4
MEDIUM PATCH This Month

A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Samba +5
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Samba Fedora +5
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Denial Of Service Buffer Overflow Information Disclosure +3
NVD
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Samba
NVD
EPSS 3% CVSS 5.9
MEDIUM This Month

Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Samba
NVD
EPSS 2% CVSS 4.4
MEDIUM PATCH This Month

Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Samba
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Denial Of Service Samba +2
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 5% CVSS 6.5
MEDIUM POC PATCH This Month

A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Samba Ubuntu Linux +1
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ubuntu Linux Debian Linux +1
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Null Pointer Dereference Denial Of Service Ubuntu Linux +1
NVD
EPSS 4% CVSS 8.8
HIGH This Week

A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Debian Linux +7
NVD
EPSS 11% CVSS 6.5
MEDIUM PATCH This Month

A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Samba
NVD
EPSS 3% CVSS 8.1
HIGH This Week

A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Samba Ubuntu Linux +3
NVD
EPSS 10% CVSS 8.8
HIGH This Week

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ubuntu Linux Debian Linux +1
NVD
EPSS 7% CVSS 4.3
MEDIUM This Month

All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Ubuntu Linux +5
NVD
EPSS 43% CVSS 7.5
HIGH Act Now

Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.3% and no vendor patch available.

Buffer Overflow Samba Ubuntu Linux +4
NVD
EPSS 31% CVSS 9.8
CRITICAL Emergency

Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.3% and no vendor patch available.

Memory Corruption Use After Free RCE +6
NVD
EPSS 5% CVSS 8.1
HIGH This Week

Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Heimdal Freebsd +4
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Samba Enterprise Linux Desktop +6
NVD
EPSS 5% CVSS 6.5
MEDIUM This Month

Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samba
NVD
EPSS 2% CVSS 7.5
HIGH This Week

libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Code Injection Samba
NVD
EPSS 23% CVSS 5.9
MEDIUM PATCH This Month

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.7%.

Information Disclosure Ubuntu Linux Samba
NVD
EPSS 6% CVSS 5.9
MEDIUM PATCH This Month

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Samba Ubuntu Linux
NVD
EPSS 4% CVSS 7.4
HIGH PATCH This Week

Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Samba Ubuntu Linux
NVD
EPSS 17% CVSS 5.9
MEDIUM PATCH This Month

The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 16.6%.

Information Disclosure Samba Ubuntu Linux
NVD
EPSS 3% CVSS 6.3
MEDIUM PATCH This Month

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required.

Information Disclosure Samba Ubuntu Linux
NVD
EPSS 18% CVSS 5.9
MEDIUM PATCH This Month

The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.7%.

Information Disclosure Samba Ubuntu Linux
NVD
EPSS 21% CVSS 5.9
MEDIUM PATCH This Month

Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.1%.

RCE Denial Of Service Samba +1
NVD
EPSS 79% 5.4 CVSS 7.5
HIGH POC THREAT Act Now

The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.5%.

Information Disclosure Samba Ubuntu Linux +1
NVD GitHub
EPSS 6% CVSS 5.9
MEDIUM This Month

The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Buffer Overflow Samba
NVD
EPSS 4% CVSS 6.5
MEDIUM This Month

The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Samba Ubuntu Linux +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Samba +2
NVD
EPSS 43% CVSS 7.5
HIGH Act Now

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.3% and no vendor patch available.

Denial Of Service Samba Ubuntu Linux +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
EPSS 9% CVSS 5.3
MEDIUM This Month

The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samba Debian Linux +1
NVD
EPSS 4% CVSS 5.4
MEDIUM This Month

Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Samba Debian Linux +1
NVD
EPSS 17% CVSS 7.2
HIGH POC THREAT Act Now

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.3%.

Privilege Escalation Samba Ubuntu Linux +1
NVD
EPSS 20% CVSS 5.3
MEDIUM This Month

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.3% and no vendor patch available.

Denial Of Service Samba
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy