rpm package
suse/samba&distro=SUSE Linux Enterprise Software Development Kit 12 SP4
pkg:rpm/suse/samba&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-14907 | — | < 4.6.16+git.174.c2fd2e28c84-3.49.1 | 4.6.16+git.174.c2fd2e28c84-3.49.1 | Jan 21, 2020 | All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during t | ||
| CVE-2019-10218 | — | < 4.6.16+git.169.064abe062be-3.46.1 | 4.6.16+git.169.064abe062be-3.46.1 | Nov 6, 2019 | A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacke | ||
| CVE-2019-3880 | — | < 4.6.16+git.154.2998451b912-3.40.3 | 4.6.16+git.154.2998451b912-3.40.3 | Apr 9, 2019 | A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba sh |
- CVE-2019-14907Jan 21, 2020affected < 4.6.16+git.174.c2fd2e28c84-3.49.1fixed 4.6.16+git.174.c2fd2e28c84-3.49.1
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during t
- CVE-2019-10218Nov 6, 2019affected < 4.6.16+git.169.064abe062be-3.46.1fixed 4.6.16+git.169.064abe062be-3.46.1
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacke
- CVE-2019-3880Apr 9, 2019affected < 4.6.16+git.154.2998451b912-3.40.3fixed 4.6.16+git.154.2998451b912-3.40.3
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba sh