VYPR

rpm package

suse/samba&distro=SUSE Linux Micro 6.2

pkg:rpm/suse/samba&distro=SUSE%20Linux%20Micro%206.2

Vulnerabilities (8)

  • CVE-2026-3238HigJun 8, 2026
    affected < 4.22.9+git.506.22c03ce0781-160000.1.1fixed 4.22.9+git.506.22c03ce0781-160000.1.1

    A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packets, allowing an unauthenticated remote attacker to trigger a NULL pointer derefere

  • CVE-2026-4408CriMay 28, 2026
    affected < 4.22.9+git.506.22c03ce0781-160000.1.1fixed 4.22.9+git.506.22c03ce0781-160000.1.1

    A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed

  • CVE-2026-2340MedMay 27, 2026
    affected < 4.22.9+git.506.22c03ce0781-160000.1.1fixed 4.22.9+git.506.22c03ce0781-160000.1.1

    A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write

  • CVE-2026-1933HigMay 27, 2026
    affected < 4.22.9+git.506.22c03ce0781-160000.1.1fixed 4.22.9+git.506.22c03ce0781-160000.1.1

    A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations

  • CVE-2026-3012HigMay 27, 2026
    affected < 4.22.9+git.506.22c03ce0781-160000.1.1fixed 4.22.9+git.506.22c03ce0781-160000.1.1

    A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker w

  • CVE-2026-4480CriMay 26, 2026
    affected < 4.22.9+git.506.22c03ce0781-160000.1.1fixed 4.22.9+git.506.22c03ce0781-160000.1.1

    A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this

  • CVE-2025-10230CriNov 7, 2025
    affected < 4.22.5+git.431.dc5a539f124-160000.1.1fixed 4.22.5+git.431.dc5a539f124-160000.1.1

    A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the

  • CVE-2025-9640MedOct 15, 2025
    affected < 4.22.5+git.431.dc5a539f124-160000.1.1fixed 4.22.5+git.431.dc5a539f124-160000.1.1

    A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure vuln