VYPR

Samba

by Samba (software)

CVEs (206)

  • CVE-2019-3824 (Mar 6, 2019)
    risk 0.01 | cvss | epss 0.03

    A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.

  • CVE-2018-16841 (Nov 28, 2018)
    risk 0.01 | cvss | epss 0.05

    Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not…

  • CVE-2018-16851 (Nov 28, 2018)
    risk 0.01 | cvss | epss 0.03

    Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of…

  • CVE-2014-3493 (Jun 23, 2014)
    risk 0.01 | cvss | epss 0.07

    The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname without specifying use of…

  • CVE-2013-4496 (Mar 14, 2014)
    risk 0.01 | cvss | epss 0.11

    Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.

  • CVE-2013-4475 (Nov 13, 2013)
    risk 0.01 | cvss | epss 0.09

    Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file and an associated alternate…

  • CVE-2012-0870 (Feb 23, 2012)
    risk 0.01 | cvss | epss 0.07

    Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a…

  • CVE-2011-2694 (Jul 29, 2011)
    risk 0.01 | cvss | epss 0.06

    Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd…

  • CVE-2010-3069 (Sep 15, 2010)
    risk 0.01 | cvss | epss 0.11

    Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.

  • CVE-2007-5398 (Nov 16, 2007)
    risk 0.01 | cvss | epss 0.11

    Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests followed by a WINS Name…

  • CVE-2007-0454 (Feb 6, 2007)
    risk 0.01 | cvss | epss 0.06

    Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

  • CVE-2004-0882 (Jan 27, 2005)
    risk 0.01 | cvss | epss 0.14

    Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.

  • CVE-2004-1154 (Jan 10, 2005)
    risk 0.01 | cvss | epss 0.13

    Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a…

  • CVE-2002-2196 (Dec 31, 2002)
    risk 0.01 | cvss | epss 0.07

    Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.

  • CVE-2025-0620 (Jun 6, 2025)
    risk 0.00 | cvss | epss 0.01

    A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

  • CVE-2023-4154 (Nov 7, 2023)
    risk 0.00 | cvss | epss 0.01

    A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes,…

  • CVE-2023-42669 (Nov 6, 2023)
    risk 0.00 | cvss | epss 0.02

    A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with…

  • CVE-2023-3961 (Nov 3, 2023)
    risk 0.00 | cvss | epss 0.02

    A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS,…

  • CVE-2023-42670 (Nov 3, 2023)
    risk 0.00 | cvss | epss 0.01

    A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for…

  • CVE-2023-4091 (Nov 3, 2023)
    risk 0.00 | cvss | epss 0.01

    A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client…
