rpm package
suse/samba&distro=SUSE Linux Enterprise High Availability Extension 15 SP7
pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP7
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-10230 | Cri | 10.0 | < 4.21.8+git.418.e80c9b2a88c-150700.3.11.2 | 4.21.8+git.418.e80c9b2a88c-150700.3.11.2 | Nov 7, 2025 | A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the | |
| CVE-2025-9640 | Med | 4.3 | < 4.21.8+git.418.e80c9b2a88c-150700.3.11.2 | 4.21.8+git.418.e80c9b2a88c-150700.3.11.2 | Oct 15, 2025 | A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vuln | |
| CVE-2025-0620 | — | < 4.21.6+git.402.80f493f530f-150700.3.3.1 | 4.21.6+git.402.80f493f530f-150700.3.3.1 | Jun 6, 2025 | A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again. |
- affected < 4.21.8+git.418.e80c9b2a88c-150700.3.11.2fixed 4.21.8+git.418.e80c9b2a88c-150700.3.11.2
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the
- affected < 4.21.8+git.418.e80c9b2a88c-150700.3.11.2fixed 4.21.8+git.418.e80c9b2a88c-150700.3.11.2
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vuln
- CVE-2025-0620Jun 6, 2025affected < 4.21.6+git.402.80f493f530f-150700.3.3.1fixed 4.21.6+git.402.80f493f530f-150700.3.3.1
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.