rpm package
suse/samba&distro=SUSE Linux Enterprise High Availability Extension 15 SP3
pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3
Vulnerabilities (42)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-10230 | Cri | 10.0 | < 4.15.13+git.736.b791be993ba-150300.3.96.1 | 4.15.13+git.736.b791be993ba-150300.3.96.1 | Nov 7, 2025 | A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the | |
| CVE-2025-9640 | Med | 4.3 | < 4.15.13+git.736.b791be993ba-150300.3.96.1 | 4.15.13+git.736.b791be993ba-150300.3.96.1 | Oct 15, 2025 | A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vuln | |
| CVE-2023-4154 | — | < 4.15.13+git.691.3d3cea0641-150300.3.63.1 | 4.15.13+git.691.3d3cea0641-150300.3.63.1 | Nov 7, 2023 | A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, inc | ||
| CVE-2023-42669 | — | < 4.15.13+git.691.3d3cea0641-150300.3.63.1 | 4.15.13+git.691.3d3cea0641-150300.3.63.1 | Nov 6, 2023 | A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with on | ||
| CVE-2023-4091 | — | < 4.15.13+git.691.3d3cea0641-150300.3.63.1 | 4.15.13+git.691.3d3cea0641-150300.3.63.1 | Nov 3, 2023 | A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client reque | ||
| CVE-2023-34968 | — | < 4.15.13+git.663.9c654e06cdb-150300.3.57.5 | 4.15.13+git.663.9c654e06cdb-150300.3.57.5 | Jul 20, 2023 | A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request | ||
| CVE-2023-34967 | — | < 4.15.13+git.663.9c654e06cdb-150300.3.57.5 | 4.15.13+git.663.9c654e06cdb-150300.3.57.5 | Jul 20, 2023 | A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th | ||
| CVE-2023-34966 | — | < 4.15.13+git.663.9c654e06cdb-150300.3.57.5 | 4.15.13+git.663.9c654e06cdb-150300.3.57.5 | Jul 20, 2023 | An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements | ||
| CVE-2022-2127 | — | < 4.15.13+git.663.9c654e06cdb-150300.3.57.5 | 4.15.13+git.663.9c654e06cdb-150300.3.57.5 | Jul 20, 2023 | An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to | ||
| CVE-2023-0922 | — | < 4.15.13+git.636.53d93c5b9d6-150300.3.52.1 | 4.15.13+git.636.53d93c5b9d6-150300.3.52.1 | Apr 3, 2023 | The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. | ||
| CVE-2023-0614 | — | < 4.15.13+git.636.53d93c5b9d6-150300.3.52.1 | 4.15.13+git.636.53d93c5b9d6-150300.3.52.1 | Apr 3, 2023 | The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. | ||
| CVE-2023-0225 | — | < 4.15.13+git.636.53d93c5b9d6-150300.3.52.1 | 4.15.13+git.636.53d93c5b9d6-150300.3.52.1 | Apr 3, 2023 | A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. | ||
| CVE-2021-20251 | — | < 4.15.13+git.591.ab36624310c-150300.3.49.1 | 4.15.13+git.591.ab36624310c-150300.3.49.1 | Mar 6, 2023 | A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. | ||
| CVE-2022-3437 | — | < 4.15.12+git.535.7750e5c95ef-150300.3.43.1 | 4.15.12+git.535.7750e5c95ef-150300.3.43.1 | Jan 12, 2023 | A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory w | ||
| CVE-2022-42898 | — | < 4.15.12+git.535.7750e5c95ef-150300.3.43.1 | 4.15.12+git.535.7750e5c95ef-150300.3.43.1 | Dec 25, 2022 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cau | ||
| CVE-2022-38023 | — | < 4.15.13+git.540.fab3b2a46c6-150300.3.46.1 | 4.15.13+git.540.fab3b2a46c6-150300.3.46.1 | Nov 9, 2022 | Netlogon RPC Elevation of Privilege Vulnerability | ||
| CVE-2022-37967 | — | < 4.15.13+git.540.fab3b2a46c6-150300.3.46.1 | 4.15.13+git.540.fab3b2a46c6-150300.3.46.1 | Nov 9, 2022 | Windows Kerberos Elevation of Privilege Vulnerability | ||
| CVE-2022-37966 | — | < 4.15.13+git.540.fab3b2a46c6-150300.3.46.1 | 4.15.13+git.540.fab3b2a46c6-150300.3.46.1 | Nov 9, 2022 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | ||
| CVE-2022-32743 | — | < 4.15.8+git.527.8d0c05d313e-150300.3.40.2 | 4.15.8+git.527.8d0c05d313e-150300.3.40.2 | Sep 1, 2022 | Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | ||
| CVE-2022-1615 | — | < 4.15.8+git.527.8d0c05d313e-150300.3.40.2 | 4.15.8+git.527.8d0c05d313e-150300.3.40.2 | Sep 1, 2022 | In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. |
- affected < 4.15.13+git.736.b791be993ba-150300.3.96.1fixed 4.15.13+git.736.b791be993ba-150300.3.96.1
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the
- affected < 4.15.13+git.736.b791be993ba-150300.3.96.1fixed 4.15.13+git.736.b791be993ba-150300.3.96.1
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vuln
- CVE-2023-4154Nov 7, 2023affected < 4.15.13+git.691.3d3cea0641-150300.3.63.1fixed 4.15.13+git.691.3d3cea0641-150300.3.63.1
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, inc
- CVE-2023-42669Nov 6, 2023affected < 4.15.13+git.691.3d3cea0641-150300.3.63.1fixed 4.15.13+git.691.3d3cea0641-150300.3.63.1
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with on
- CVE-2023-4091Nov 3, 2023affected < 4.15.13+git.691.3d3cea0641-150300.3.63.1fixed 4.15.13+git.691.3d3cea0641-150300.3.63.1
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client reque
- CVE-2023-34968Jul 20, 2023affected < 4.15.13+git.663.9c654e06cdb-150300.3.57.5fixed 4.15.13+git.663.9c654e06cdb-150300.3.57.5
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request
- CVE-2023-34967Jul 20, 2023affected < 4.15.13+git.663.9c654e06cdb-150300.3.57.5fixed 4.15.13+git.663.9c654e06cdb-150300.3.57.5
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in th
- CVE-2023-34966Jul 20, 2023affected < 4.15.13+git.663.9c654e06cdb-150300.3.57.5fixed 4.15.13+git.663.9c654e06cdb-150300.3.57.5
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements
- CVE-2022-2127Jul 20, 2023affected < 4.15.13+git.663.9c654e06cdb-150300.3.57.5fixed 4.15.13+git.663.9c654e06cdb-150300.3.57.5
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to
- CVE-2023-0922Apr 3, 2023affected < 4.15.13+git.636.53d93c5b9d6-150300.3.52.1fixed 4.15.13+git.636.53d93c5b9d6-150300.3.52.1
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
- CVE-2023-0614Apr 3, 2023affected < 4.15.13+git.636.53d93c5b9d6-150300.3.52.1fixed 4.15.13+git.636.53d93c5b9d6-150300.3.52.1
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
- CVE-2023-0225Apr 3, 2023affected < 4.15.13+git.636.53d93c5b9d6-150300.3.52.1fixed 4.15.13+git.636.53d93c5b9d6-150300.3.52.1
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
- CVE-2021-20251Mar 6, 2023affected < 4.15.13+git.591.ab36624310c-150300.3.49.1fixed 4.15.13+git.591.ab36624310c-150300.3.49.1
A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.
- CVE-2022-3437Jan 12, 2023affected < 4.15.12+git.535.7750e5c95ef-150300.3.43.1fixed 4.15.12+git.535.7750e5c95ef-150300.3.43.1
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory w
- CVE-2022-42898Dec 25, 2022affected < 4.15.12+git.535.7750e5c95ef-150300.3.43.1fixed 4.15.12+git.535.7750e5c95ef-150300.3.43.1
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cau
- CVE-2022-38023Nov 9, 2022affected < 4.15.13+git.540.fab3b2a46c6-150300.3.46.1fixed 4.15.13+git.540.fab3b2a46c6-150300.3.46.1
Netlogon RPC Elevation of Privilege Vulnerability
- CVE-2022-37967Nov 9, 2022affected < 4.15.13+git.540.fab3b2a46c6-150300.3.46.1fixed 4.15.13+git.540.fab3b2a46c6-150300.3.46.1
Windows Kerberos Elevation of Privilege Vulnerability
- CVE-2022-37966Nov 9, 2022affected < 4.15.13+git.540.fab3b2a46c6-150300.3.46.1fixed 4.15.13+git.540.fab3b2a46c6-150300.3.46.1
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
- CVE-2022-32743Sep 1, 2022affected < 4.15.8+git.527.8d0c05d313e-150300.3.40.2fixed 4.15.8+git.527.8d0c05d313e-150300.3.40.2
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
- CVE-2022-1615Sep 1, 2022affected < 4.15.8+git.527.8d0c05d313e-150300.3.40.2fixed 4.15.8+git.527.8d0c05d313e-150300.3.40.2
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
Page 1 of 3