Samba (software)

All CVEs

235 total · sorted by risk
  • CVE-2026-43619 · Med · May 20, 2026
    risk 0.34 · cvss 6.3 · epss 0.00

    Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported…

  • CVE-2018-10918 · Med · Aug 22, 2018
    risk 0.34 · cvss 5.2 · epss 0.03

    A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4…

  • CVE-2018-10919 · Med · Aug 22, 2018
    risk 0.28 · cvss 4.3 · epss 0.02

    The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16,…

  • CVE-2018-10858 · Med · Aug 22, 2018
    risk 0.28 · cvss 4.3 · epss 0.04

    A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

  • CVE-2018-1050 · Med · Mar 13, 2018
    risk 0.28 · cvss 4.3 · epss 0.07

    All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler…

  • CVE-2017-12163 · Med · Jul 26, 2018
    risk 0.27 · cvss 4.1 · epss 0.08

    An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the…

  • CVE-2026-43617 · Med · May 20, 2026
    risk 0.24 · cvss 4.8 · epss 0.00

    Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP…

  • CVE-2017-17433 · Low · Dec 6, 2017
    risk 0.24 · cvss 3.7 · epss 0.02

    The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended…

  • CVE-2025-9640 · Med · Oct 15, 2025
    risk 0.21 · cvss 4.3 · epss 0.00

    A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content that may include sensitive data, resulting in an information disclosure…

  • CVE-2026-45232 · Low · May 20, 2026
    risk 0.13 · cvss 3.1 · epss 0.00

    Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by…

  • CVE-2015-0240 · Feb 24, 2015
    risk 0.10 · cvss · epss 0.88

    The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execute arbitrary code via crafted…

  • CVE-2003-0201 · May 5, 2003
    risk 0.10 · cvss · epss 0.84

    Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.

  • CVE-2003-0085 · Mar 31, 2003
    risk 0.10 · cvss · epss 0.88

    Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

  • CVE-2013-4124 · Aug 6, 2013
    risk 0.09 · cvss · epss 0.69

    Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.

  • CVE-2012-1182 · Apr 10, 2012
    risk 0.09 · cvss · epss 0.74

    The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a…

  • CVE-2010-2063 · Jun 17, 2010
    risk 0.09 · cvss · epss 0.79

    Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted…

  • CVE-2008-1105 · May 29, 2008
    risk 0.09 · cvss · epss 0.69

    Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.

  • CVE-2007-2446 · May 14, 2007
    risk 0.09 · cvss · epss 0.78

    Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving (1) DFSEnum (netdfs_io_dfs_EnumInfo_d), (2) RFNPCNEX (smb_io_notify_option_type_data), (3)…

  • CVE-2004-2687 · Dec 31, 2004
    risk 0.09 · cvss · epss 0.81

    distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.

  • CVE-2002-1318 · Dec 11, 2002
    risk 0.07 · cvss · epss 0.52

    Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode…

  • CVE-2014-3560 · Aug 6, 2014
    risk 0.05 · cvss · epss 0.56

    NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the unstrcpy macro in…

  • CVE-2014-0239 · May 28, 2014
    risk 0.05 · cvss · epss 0.68

    The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that…

  • CVE-2010-0926 · Mar 10, 2010
    risk 0.05 · cvss · epss 0.31

    The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in…

  • CVE-2007-6015 · Dec 13, 2007
    risk 0.05 · cvss · epss 0.27

    Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset…

  • CVE-2004-0600 · Jul 27, 2004
    risk 0.05 · cvss · epss 0.29

    Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.

  • CVE-2011-2522 · Jul 29, 2011
    risk 0.04 · cvss · epss 0.10

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4)…

  • CVE-2009-1886 · Jun 25, 2009
    risk 0.04 · cvss · epss 0.12

    Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.

  • CVE-2001-1162 · Jun 23, 2001
    risk 0.04 · cvss · epss 0.12

    Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.

  • CVE-2000-0937 · Dec 19, 2000
    risk 0.04 · cvss · epss 0.08

    Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.

  • CVE-1999-0182 · Sep 30, 1997
    risk 0.04 · cvss · epss 0.10

    Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.

  • CVE-2021-44142 · Feb 21, 2022
    risk 0.03 · cvss · epss 0.74

    The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow…

  • CVE-2004-0186 · Mar 15, 2004
    risk 0.03 · cvss · epss 0.02

    smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.

  • CVE-2001-0406 · Jul 2, 2001
    risk 0.03 · cvss · epss 0.01

    Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.

  • CVE-2000-0935 · Dec 19, 2000
    risk 0.03 · cvss · epss 0.01

    Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.

  • CVE-2000-0936 · Dec 19, 2000
    risk 0.03 · cvss · epss 0.01

    Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.

  • CVE-1999-0811 · Jul 21, 1999
    risk 0.03 · cvss · epss 0.03

    Buffer overflow in Samba smbd program via a malformed message command.

  • CVE-2023-34967 · Jul 20, 2023
    risk 0.02 · cvss · epss 0.63

    A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in…

  • CVE-2020-10745 · Jul 7, 2020
    risk 0.02 · cvss · epss 0.04

    A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker to cause the Samba server to consume excessive CPU use, resulting in a denial of service. This highest…

  • CVE-2020-14303 · Jul 6, 2020
    risk 0.02 · cvss · epss 0.04

    A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.

  • CVE-2014-0244 · Jun 23, 2014
    risk 0.02 · cvss · epss 0.20

    The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.

  • CVE-2003-0196 · May 5, 2003
    risk 0.02 · cvss · epss 0.23

    Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.

  • CVE-2023-5568 · Oct 24, 2023
    risk 0.01 · cvss · epss 0.02

    A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.

  • CVE-2023-34966 · Jul 20, 2023
    risk 0.01 · cvss · epss 0.62

    An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements…

  • CVE-2020-27840 · May 12, 2021
    risk 0.01 · cvss · epss 0.04

    A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to…

  • CVE-2020-10704 · May 6, 2020
    risk 0.01 · cvss · epss 0.03

    A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from…

  • CVE-2019-14907 · Jan 21, 2020
    risk 0.01 · cvss · epss 0.03

    All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during…

  • CVE-2019-3824 · Mar 6, 2019
    risk 0.01 · cvss · epss 0.03

    A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service.

  • CVE-2018-16851 · Nov 28, 2018
    risk 0.01 · cvss · epss 0.03

    Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of…

  • CVE-2018-16841 · Nov 28, 2018
    risk 0.01 · cvss · epss 0.05

    Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not…

  • CVE-2014-9512 · Feb 12, 2015
    risk 0.01 · cvss · epss 0.07

    rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
