rpm package
suse/samba&distro=SUSE Linux Enterprise Server 16.0
pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-3238 | Hig | 7.5 | < 4.22.9+git.506.22c03ce0781-160000.1.1 | 4.22.9+git.506.22c03ce0781-160000.1.1 | Jun 8, 2026 | A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer derefere | |
| CVE-2026-4408 | Cri | 9.0 | < 4.22.9+git.506.22c03ce0781-160000.1.1 | 4.22.9+git.506.22c03ce0781-160000.1.1 | May 28, 2026 | A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed | |
| CVE-2026-2340 | Med | 6.5 | < 4.22.9+git.506.22c03ce0781-160000.1.1 | 4.22.9+git.506.22c03ce0781-160000.1.1 | May 27, 2026 | A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write | |
| CVE-2026-1933 | Hig | 7.1 | < 4.22.9+git.506.22c03ce0781-160000.1.1 | 4.22.9+git.506.22c03ce0781-160000.1.1 | May 27, 2026 | A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations | |
| CVE-2026-3012 | Hig | 8.0 | < 4.22.9+git.506.22c03ce0781-160000.1.1 | 4.22.9+git.506.22c03ce0781-160000.1.1 | May 27, 2026 | A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker w | |
| CVE-2026-4480 | Cri | 9.0 | < 4.22.9+git.506.22c03ce0781-160000.1.1 | 4.22.9+git.506.22c03ce0781-160000.1.1 | May 26, 2026 | A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this | |
| CVE-2025-10230 | Cri | 10.0 | < 4.22.5+git.431.dc5a539f124-160000.1.1 | 4.22.5+git.431.dc5a539f124-160000.1.1 | Nov 7, 2025 | A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the | |
| CVE-2025-9640 | Med | 4.3 | < 4.22.5+git.431.dc5a539f124-160000.1.1 | 4.22.5+git.431.dc5a539f124-160000.1.1 | Oct 15, 2025 | A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vuln |
- affected < 4.22.9+git.506.22c03ce0781-160000.1.1fixed 4.22.9+git.506.22c03ce0781-160000.1.1
A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer derefere
- affected < 4.22.9+git.506.22c03ce0781-160000.1.1fixed 4.22.9+git.506.22c03ce0781-160000.1.1
A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed
- affected < 4.22.9+git.506.22c03ce0781-160000.1.1fixed 4.22.9+git.506.22c03ce0781-160000.1.1
A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write
- affected < 4.22.9+git.506.22c03ce0781-160000.1.1fixed 4.22.9+git.506.22c03ce0781-160000.1.1
A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations
- affected < 4.22.9+git.506.22c03ce0781-160000.1.1fixed 4.22.9+git.506.22c03ce0781-160000.1.1
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker w
- affected < 4.22.9+git.506.22c03ce0781-160000.1.1fixed 4.22.9+git.506.22c03ce0781-160000.1.1
A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this
- affected < 4.22.5+git.431.dc5a539f124-160000.1.1fixed 4.22.5+git.431.dc5a539f124-160000.1.1
A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the
- affected < 4.22.5+git.431.dc5a539f124-160000.1.1fixed 4.22.5+git.431.dc5a539f124-160000.1.1
A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vuln