Skip to main content

Samba

114 CVEs product

Monthly

CVE-2015-0240 CRITICAL POC THREAT Emergency

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.7%.

RCE Enterprise Linux Samba Suse Linux Enterprise Desktop Suse Linux Enterprise Server +2
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
90.7%
Threat
6.2
CVE-2014-8143 HIGH PATCH This Week

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Privilege Escalation Samba
NVD
CVSS 2.0
8.5
EPSS
4.9%
CVE-2014-3560 HIGH Act Now

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a. Rated high severity (CVSS 7.9). Epss exploitation probability 71.9% and no vendor patch available.

RCE Code Injection Ubuntu Linux Enterprise Linux Samba
NVD
CVSS 2.0
7.9
EPSS
71.9%
CVE-2014-3493 LOW Monitor

The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Samba
NVD
CVSS 2.0
2.7
EPSS
2.4%
CVE-2014-0244 LOW Monitor

The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Epss exploitation probability 20.0% and no vendor patch available.

Denial Of Service Samba
NVD
CVSS 2.0
3.3
EPSS
20.0%
CVE-2014-0239 MEDIUM This Month

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 22.2% and no vendor patch available.

Denial Of Service Samba
NVD
CVSS 2.0
5.0
EPSS
22.2%
CVE-2014-0178 LOW Monitor

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field,. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 2.0
3.5
EPSS
2.3%
CVE-2013-6442 MEDIUM This Month

The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba
NVD VulDB
CVSS 2.0
5.8
EPSS
1.3%
CVE-2013-4496 MEDIUM This Month

Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Samba Ubuntu Linux
NVD VulDB
CVSS 2.0
5.0
EPSS
5.5%
CVE-2013-4408 HIGH This Week

Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Samba
NVD
CVSS 2.0
8.3
EPSS
2.9%
CVE-2012-6150 LOW POC PATCH Monitor

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which. Rated low severity (CVSS 3.6), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Samba Ubuntu Linux
NVD
CVSS 2.0
3.6
EPSS
0.1%
CVE-2013-4476 LOW Monitor

Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information. Rated low severity (CVSS 1.2). No vendor patch available.

Information Disclosure Samba
NVD
CVSS 2.0
1.2
EPSS
0.2%
CVE-2013-4475 MEDIUM This Month

Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba Debian Linux Ubuntu Linux
NVD
CVSS 2.0
4.0
EPSS
6.9%
CVE-2013-4124 MEDIUM POC PATCH THREAT This Month

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.5%.

Denial Of Service Ubuntu Linux Enterprise Linux Fedora Samba +1
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
83.5%
Threat
5.0
CVE-2013-0454 MEDIUM This Month

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Ubuntu Linux Samba Storwize
NVD
CVSS 2.0
4.0
EPSS
1.9%
CVE-2013-1863 MEDIUM PATCH This Month

Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify,. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Samba
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2013-0214 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Samba
NVD
CVSS 2.0
5.1
EPSS
4.9%
CVE-2013-0213 MEDIUM This Month

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Epss exploitation probability 11.1% and no vendor patch available.

Information Disclosure Samba
NVD
CVSS 2.0
5.1
EPSS
11.1%
CVE-2013-0172 LOW Monitor

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba
NVD
CVSS 2.0
3.5
EPSS
0.3%
CVE-2012-2111 MEDIUM PATCH This Month

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Samba
NVD
CVSS 2.0
6.5
EPSS
2.3%
CVE-2012-1182 CRITICAL POC THREAT Emergency

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.8%.

RCE Samba
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
76.8%
Threat
5.8
CVE-2012-0870 HIGH PATCH Act Now

Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to. Rated high severity (CVSS 7.9). Epss exploitation probability 46.9%.

Buffer Overflow Denial Of Service RCE Samba Blackberry Playbook Tablet +1
NVD
CVSS 2.0
7.9
EPSS
46.9%
CVE-2012-0817 MEDIUM PATCH This Month

Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure Samba
NVD
CVSS 2.0
5.0
EPSS
7.5%
CVE-2026-4408 CRITICAL Act Now

Command injection in Samba (CWE-78) carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and is fixed in Alpine Linux package samba 4.23.8-r0, with Red Hat shipping errata RHSA-2026:22644, 22963, 25049, and 25979 for Enterprise Linux 6/7/9 and OpenShift Container Platform 4.0. The flaw allows remote attackers to inject operating-system commands against vulnerable Samba deployments, yielding full confidentiality, integrity, and availability impact. EPSS is modest at 0.23% (46th percentile) and no public exploit identified at time of analysis, but the unauthenticated network attack surface of Samba makes urgent patching warranted.

Command Injection Openshift Container Platform Samba Enterprise Linux
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
EPSS 91% 6.2 CVSS 10.0
CRITICAL POC THREAT Emergency

The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 90.7%.

RCE Enterprise Linux Samba +4
NVD Exploit-DB
EPSS 5% CVSS 8.5
HIGH PATCH This Week

Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable.

Privilege Escalation Samba
NVD
EPSS 72% CVSS 7.9
HIGH Act Now

NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a. Rated high severity (CVSS 7.9). Epss exploitation probability 71.9% and no vendor patch available.

RCE Code Injection Ubuntu Linux +2
NVD
EPSS 2% CVSS 2.7
LOW Monitor

The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon. Rated low severity (CVSS 2.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Samba
NVD
EPSS 20% CVSS 3.3
LOW Monitor

The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Epss exploitation probability 20.0% and no vendor patch available.

Denial Of Service Samba
NVD
EPSS 22% CVSS 5.0
MEDIUM This Month

The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 22.2% and no vendor patch available.

Denial Of Service Samba
NVD
EPSS 2% CVSS 3.5
LOW Monitor

Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field,. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Samba
NVD
EPSS 1% CVSS 5.8
MEDIUM This Month

The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba
NVD VulDB
EPSS 6% CVSS 5.0
MEDIUM This Month

Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Samba Ubuntu Linux
NVD VulDB
EPSS 3% CVSS 8.3
HIGH This Week

Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Samba
NVD
EPSS 0% CVSS 3.6
LOW POC PATCH Monitor

The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which. Rated low severity (CVSS 3.6), this vulnerability is remotely exploitable. Public exploit code available.

Authentication Bypass Samba Ubuntu Linux
NVD
EPSS 0% CVSS 1.2
LOW Monitor

Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information. Rated low severity (CVSS 1.2). No vendor patch available.

Information Disclosure Samba
NVD
EPSS 7% CVSS 4.0
MEDIUM This Month

Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba Debian Linux +1
NVD
EPSS 84% 5.0 CVSS 5.0
MEDIUM POC PATCH THREAT This Month

Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.5%.

Denial Of Service Ubuntu Linux Enterprise Linux +3
NVD Exploit-DB
EPSS 2% CVSS 4.0
MEDIUM This Month

The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Ubuntu Linux +2
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify,. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Privilege Escalation Samba
NVD
EPSS 5% CVSS 5.1
MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Samba
NVD
EPSS 11% CVSS 5.1
MEDIUM This Month

The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. Epss exploitation probability 11.1% and no vendor patch available.

Information Disclosure Samba
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Samba
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Samba
NVD
EPSS 77% 5.8 CVSS 10.0
CRITICAL POC THREAT Emergency

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 76.8%.

RCE Samba
NVD Exploit-DB
EPSS 47% CVSS 7.9
HIGH PATCH Act Now

Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to. Rated high severity (CVSS 7.9). Epss exploitation probability 46.9%.

Buffer Overflow Denial Of Service RCE +3
NVD
EPSS 8% CVSS 5.0
MEDIUM PATCH This Month

Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Denial Of Service Information Disclosure Samba
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Command injection in Samba (CWE-78) carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) and is fixed in Alpine Linux package samba 4.23.8-r0, with Red Hat shipping errata RHSA-2026:22644, 22963, 25049, and 25979 for Enterprise Linux 6/7/9 and OpenShift Container Platform 4.0. The flaw allows remote attackers to inject operating-system commands against vulnerable Samba deployments, yielding full confidentiality, integrity, and availability impact. EPSS is modest at 0.23% (46th percentile) and no public exploit identified at time of analysis, but the unauthenticated network attack surface of Samba makes urgent patching warranted.

Command Injection Openshift Container Platform Samba +1
NVD VulDB
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy