VYPR
Vendor

Samba (software)

Samba is a free software implementation of the SMB networking protocol, and was originally developed by Andrew Tridgell. Samba provides file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.

Founded 1992
Products
22
CVEs
235
Across products
257
Status
Private

Products

22

Recent CVEs

235
View all 235 CVEs →
  • CVE-2017-7494CriKEVMay 30, 2017
    risk 0.86cvss 9.8epss 0.99

    Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

  • CVE-2025-10230CriNov 7, 2025
    risk 0.65cvss 10.0epss 0.40

    A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the…

  • CVE-2017-17434CriDec 6, 2017
    risk 0.64cvss 9.8epss 0.03

    The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism to pathnames found in…

  • CVE-2017-14746CriNov 27, 2017
    risk 0.64cvss 9.8epss 0.10

    Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.

  • CVE-2017-16548CriNov 6, 2017
    risk 0.64cvss 9.8epss 0.05

    The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified…

  • CVE-2017-15994CriOct 29, 2017
    risk 0.64cvss 9.8epss 0.01

    rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use…

  • CVE-2018-1057HigMar 13, 2018
    risk 0.58cvss 8.8epss 0.10

    On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg…

  • CVE-2018-1139HigAug 22, 2018
    risk 0.53cvss 8.1epss 0.03

    A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.

  • CVE-2017-2619HigMar 12, 2018
    risk 0.53cvss 7.5epss 0.11

    Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.

  • CVE-2017-11103HigJul 13, 2017
    risk 0.53cvss 8.1epss 0.05

    Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the…

  • CVE-2026-4408CriMay 28, 2026
    risk 0.52cvss 9.0epss 0.03

    A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is…

  • CVE-2026-4480CriMay 26, 2026
    risk 0.52cvss 9.0epss 0.13

    A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this…

  • CVE-2016-2118HigApr 12, 2016
    risk 0.52cvss 7.5epss 0.37

    The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the…

  • CVE-2017-15275HigNov 27, 2017
    risk 0.50cvss 7.5epss 0.21

    Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

  • CVE-2020-25720HigNov 17, 2024
    risk 0.49cvss 7.5epss 0.00

    A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because…

  • CVE-2017-12150HigJul 26, 2018
    risk 0.49cvss 7.4epss 0.13

    It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.

  • CVE-2016-2119HigJul 7, 2016
    risk 0.49cvss 7.5epss 0.03

    libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2)…

  • CVE-2015-8467HigDec 29, 2015
    risk 0.49cvss 7.5epss 0.03

    The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote…

  • CVE-2015-7540HigDec 29, 2015
    risk 0.49cvss 7.5epss 0.07

    The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.

  • CVE-2015-5330HigDec 29, 2015
    risk 0.49cvss 7.5epss 0.06

    ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading…