samba

236 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-0620
>= 4.21.0 and < 4.21.6
A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB
4.9 MEDIUM
CVE-2024-12084
all versions
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled che
9.8 CRITICAL
CVE-2024-12088
<= 3.3.0
A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link dest
6.5 MEDIUM
CVE-2024-12087
<= 3.3.0
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled
6.5 MEDIUM
CVE-2024-12086
<= 3.3.0
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This
6.1 MEDIUM
CVE-2024-12085
< 3.3.0
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate
7.5 HIGH
CVE-2023-4154
>= 4.0.0 and < 4.17.12
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to priv
7.5 HIGH
CVE-2023-42669
>= 4.0.0 and < 4.17.12
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack ele
6.5 MEDIUM
CVE-2023-3961
< 4.17.12
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within
9.1 CRITICAL
CVE-2023-4091
< 4.17.12
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when
6.5 MEDIUM
CVE-2023-42670
< 4.17.12
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causin
6.5 MEDIUM
CVE-2023-5568
< 4.19.2
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnera
5.9 MEDIUM
CVE-2023-3347
>= 4.17.0 and < 4.17.10
A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured
5.9 MEDIUM
CVE-2023-34968
< 4.16.11
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute pa
5.3 MEDIUM
CVE-2023-34967
< 4.16.11
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, o
5.3 MEDIUM
CVE-2023-34966
< 4.16.11
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets se
7.5 HIGH
CVE-2022-2127
>= 4.16.0 and < 4.16.10
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When perform
5.9 MEDIUM
CVE-2023-0922
>= 4.0.0 and < 4.16.10
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over
5.9 MEDIUM
CVE-2023-0614
>= 4.0.0 and < 4.16.10
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure via LDAP filters was insufficient an
6.5 MEDIUM
CVE-2023-0225
>= 4.17.0 and < 4.17.7
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to dele
4.3 MEDIUM
CVE-2022-45141
< 4.15.13
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429
9.8 CRITICAL
CVE-2021-20251
>= 4.1.0 and < 4.16.8
A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being success
5.9 MEDIUM
CVE-2018-14628
>= 4.0.0 and < 4.18.9
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated bu
4.3 MEDIUM
CVE-2022-3592
>= 4.17.0 and < 4.17.2
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the con
6.5 MEDIUM
CVE-2022-3437
>= 4.0.0 and < 4.15.11
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal
6.5 MEDIUM
CVE-2022-42898
< 4.15.12
PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code
8.8 HIGH
CVE-2022-44640
>= 4.15.0 and < 4.15.3
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the K
9.8 CRITICAL
CVE-2022-4603
< 2.5.0
A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of
4.3 MEDIUM
CVE-2022-38023
< 4.15.13
Netlogon RPC Elevation of Privilege Vulnerability
8.1 HIGH
CVE-2022-37967
< 4.15.13
Windows Kerberos Elevation of Privilege Vulnerability
7.2 HIGH
CVE-2022-37966
< 4.15.13
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
8.1 HIGH
CVE-2022-32743
>= 4.1.0 and < 4.17.0
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to w
7.5 HIGH
CVE-2022-1615
>= 4.1.0 and < 4.17.0
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
5.5 MEDIUM
CVE-2022-0336
>= 4.0.0 and < 4.13.17
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with th
8.8 HIGH
CVE-2022-32746
>= 4.3.0 and < 4.14.14
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a pr
5.4 MEDIUM
CVE-2022-32745
>= 4.13.14 and < 4.14.14
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request
8.1 HIGH
CVE-2022-32744
>= 4.3.0 and < 4.14.14
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd reque
8.8 HIGH
CVE-2022-32742
< 4.14.14
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to
4.3 MEDIUM
CVE-2022-2031
< 4.14.14
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of ke
8.8 HIGH
CVE-2021-3670
>= 4.1.0 and < 4.16.0
MaxQueryDuration not honoured in Samba AD DC LDAP
6.5 MEDIUM
CVE-2021-20316
< 4.15.0
A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to
6.8 MEDIUM
CVE-2022-29154
< 3.2.5
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories
7.4 HIGH
CVE-2022-29869
< 6.15
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is
5.3 MEDIUM
CVE-2022-27239
< 6.15
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to loca
7.8 HIGH
CVE-2020-25721
>= 4.13.0 and < 4.13.14
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applic
8.8 HIGH
CVE-2021-3738
>= 4.0.0 and < 4.13.14
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'a
8.8 HIGH
CVE-2021-23192
>= 4.10.0 and < 4.13.14
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose
7.5 HIGH
CVE-2021-44141
< 4.15.5
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or direct
4.3 MEDIUM
CVE-2021-44142
< 4.13.17
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients
8.8 HIGH
CVE-2020-25722
>= 4.0.0 and < 4.13.14
Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use
8.8 HIGH
CVE-2020-25719
>= 4.0.0 and < 4.13.14
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The S
7.2 HIGH
CVE-2020-25718
>= 4.0.0 and < 4.13.14
A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controll
8.8 HIGH
CVE-2020-25717
>= 3.0.0 and < 4.13.14
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possibl
8.1 HIGH
CVE-2016-2124
>= 3.0.0 and < 4.13.14
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext passw
5.9 MEDIUM
CVE-2021-43566
< 4.13.16
All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be c
2.5 LOW
CVE-2021-3671
< 4.13.12
A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server -
6.5 MEDIUM
CVE-2020-14387
>= 3.2.1 and < 3.2.4
A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperly validates certificate with host mismatch vulnerability. A
7.4 HIGH
CVE-2020-27840
>= 4.0.0 and < 4.12.13
A flaw was found in samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN s
7.5 HIGH
CVE-2021-20277
>= 4.0.0 and < 4.12.13
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory
7.5 HIGH
CVE-2021-20254
>= 3.6.0 and < 4.12.15
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The cod
6.8 MEDIUM
CVE-2021-20208
>= 4.0 and < 6.13
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can u
6.1 MEDIUM
CVE-2020-14318
>= 3.6.0 and < 4.11.15
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access
4.3 MEDIUM
CVE-2020-14383
>= 4.0.0 and < 4.11.15
A flaw was found in samba's DNS server. An authenticated user could use this flaw to cause the RPC server to crash. This RPC server, whi
6.5 MEDIUM
CVE-2020-17049
>= 4.1.0 and < 4.13.13
A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used
6.6 MEDIUM
CVE-2020-14323
>= 3.6.0 and < 4.11.15
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1.
5.5 MEDIUM
CVE-2020-14342
>= 5.6 and <= 6.10
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject ar
4.4 MEDIUM
CVE-2020-1472
< 4.10.18
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a d
5.5 MEDIUM
CVE-2020-10745
>= 4.0.0 and < 4.10.17
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/I
7.5 HIGH
CVE-2020-10730
>= 4.5.0 and < 4.10.17
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4
6.5 MEDIUM
CVE-2020-10760
>= 4.5.0 and < 4.10.17
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in an AD DC co
6.5 MEDIUM
CVE-2020-14303
>= 4.10.0 and < 4.10.17
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user coul
7.5 HIGH
CVE-2020-10704
>= 4.0.0 and < 4.10.15
A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Ac
7.5 HIGH
CVE-2020-10700
>= 4.10.0 and < 4.10.15
A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' co
5.3 MEDIUM
CVE-2019-19344
>= 4.9.0 and < 4.9.18
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba
6.5 MEDIUM
CVE-2019-14907
>= 4.9.0 and < 4.9.18
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log
6.5 MEDIUM
CVE-2019-14902
>= 4.0.0 and < 4.9.18
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x version
5.4 MEDIUM
CVE-2011-3585
all versions
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of se
4.7 MEDIUM
CVE-2019-14870
>= 4.0.0 and < 4.9.17
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerbe
5.4 MEDIUM
CVE-2019-14861
>= 4.0.0 and < 4.9.17
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dns
5.3 MEDIUM
CVE-2019-14847
>= 4.0.0 and < 4.9.15
A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via d
4.9 MEDIUM
CVE-2019-14833
>= 4.5.0 and < 4.9.15
A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handl
5.4 MEDIUM
CVE-2019-10218
< 4.9.15
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can sup
6.5 MEDIUM
CVE-2019-10197
>= 4.9.0 and <= 4.9.13
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain pa
6.5 MEDIUM
CVE-2019-3800
< 1.1.1
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user aut
6.3 MEDIUM
CVE-2018-16860
>= 4.8.0 and < 4.8.12
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4
7.5 HIGH
CVE-2019-12436
>= 4.10.0 and < 4.10.5
Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to a
6.5 MEDIUM
CVE-2019-12435
>= 4.9.0 and < 4.9.9
Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to
6.5 MEDIUM
CVE-2019-3880
>= 3.2.0 and < 4.8.11
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker
5.4 MEDIUM
CVE-2019-3870
>= 4.9.0 and < 4.9.6
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new
6.1 MEDIUM
CVE-2019-3824
< 4.10.0
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before
6.5 MEDIUM
CVE-2018-16857
>= 4.9.0 and < 4.9.3
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute for
7.4 HIGH
CVE-2018-16853
>= 4.7.0 and < 4.7.12
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the n
7.5 HIGH
CVE-2018-16852
>= 4.9.0 and < 4.9.3
Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zo
6.5 MEDIUM
CVE-2018-16851
>= 4.0.0 and < 4.7.12
Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of a
6.5 MEDIUM
CVE-2018-16841
>= 4.3.0 and < 4.7.12
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to acc
6.5 MEDIUM
CVE-2018-14629
>= 4.0.0 and < 4.7.12
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. A CNAME loop cou
6.5 MEDIUM
CVE-2016-2123
>= 4.0.0 and <= 4.0.26
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading
8.8 HIGH
CVE-2016-2125
>= 3.0.25 and < 4.3.13
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authenticati
6.5 MEDIUM
CVE-2018-10919
>= 4.0.0 and < 4.6.16
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks.
4.3 MEDIUM
CVE-2018-10918
>= 4.7.0 and < 4.7.9
A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated
5.2 MEDIUM
CVE-2018-10858
< 4.6.16
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba
4.3 MEDIUM
CVE-2018-1140
>= 4.8.0 and < 4.8.4
A missing input sanitization flaw was found in the implementation of the LDB database used for the LDAP server. An attacker could use
6.5 MEDIUM
CVE-2018-1139
>= 4.7.0 and < 4.7.9
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explic
8.1 HIGH
CVE-2017-12151
< 4.4.16
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol s
7.4 HIGH
CVE-2017-12150
>= 3.0.25 and < 4.4.16
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain conf
7.4 HIGH
CVE-2017-12163
< 4.4.16
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x
4.1 MEDIUM
CVE-2018-1057
>= 4.0.0 and < 4.5.16
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwor
8.8 HIGH
CVE-2018-1050
>= 3.6.0 and < 4.5.16
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured t
4.3 MEDIUM
CVE-2017-2619
< 4.4.12
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas o
7.5 HIGH
CVE-2018-5764
< 3.1.3
The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which all
7.5 HIGH
CVE-2017-17434
<= 3.1.2
The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_lis
9.8 CRITICAL
CVE-2017-17433
all versions
The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain
3.7 LOW
CVE-2017-15275
>= 3.6.0 and < 4.5.15
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear alloc
7.5 HIGH
CVE-2017-14746
>= 4.0.0 and < 4.5.0
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 reques
9.8 CRITICAL
CVE-2017-16548
> 2.6.9 and <= 3.1.2
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xat
9.8 CRITICAL
CVE-2017-15994
<= 3.1.2
rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass inten
9.8 CRITICAL
CVE-2017-11103
>= 4.0.0 and < 4.4.15
Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal
8.1 HIGH
CVE-2017-9461
<= 4.4.9
smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high C
6.5 MEDIUM
CVE-2017-7494
>= 3.5.0 and < 4.4.0
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a mal
9.8 CRITICAL
CVE-2016-2126
>= 4.0.0 and < 4.3.13
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Cer
6.5 MEDIUM
CVE-2016-2119
>= 4.0.0 and < 4.2.14
libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attacke
7.5 HIGH
CVE-2016-2115
all versions
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session o
5.9 MEDIUM
CVE-2016-2114
all versions
The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "se
5.9 MEDIUM
CVE-2016-2113
all versions
Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which all
7.4 HIGH
CVE-2016-2112
all versions
The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize
5.9 MEDIUM
CVE-2016-2111
all versions
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is c
6.3 MEDIUM
CVE-2016-2110
all versions
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows ma
5.9 MEDIUM
CVE-2015-5370
all versions
Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which a
5.9 MEDIUM
CVE-2016-2118
>= 3.6.0 and < 4.2.10
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mi
7.5 HIGH
CVE-2016-0771
all versions
The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD
5.9 MEDIUM
CVE-2015-7560
>= 3.2.0 and < 4.1.23
The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0
6.5 MEDIUM
CVE-2015-8467
>= 4.0.0 and < 4.1.22
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2
7.5 HIGH
CVE-2015-7540
>= 4.0.0 and < 4.1.22
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 mem
7.5 HIGH
CVE-2015-5330
all versions
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandle
7.5 HIGH
CVE-2015-5299
>= 3.0.20 and < 4.1.22
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.
5.3 MEDIUM
CVE-2015-5296
>= 3.2.0 and < 4.1.22
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned,
5.4 MEDIUM
CVE-2015-5252
>= 3.0.0 and < 4.1.22
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substr
7.2 HIGH
CVE-2015-3223
all versions
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4
5.3 MEDIUM
CVE-2015-0240
all versions
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4
CVE-2014-9512
all versions
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.
CVE-2014-8143
all versions
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is con
CVE-2014-3560
all versions
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitr
CVE-2014-3493
all versions
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authentica
CVE-2014-0244
all versions
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attacker
CVE-2014-0239
>= 4.0.0 and < 4.0.18
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message be
CVE-2014-0178
>= 3.6.6 and < 3.6.25
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled,
CVE-2014-2855
<= 3.1.0
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infin
CVE-2013-6442
all versions
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of
CVE-2013-4496
>= 3.4.0 and < 3.6.23
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism f
CVE-2013-4408
all versions
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x befo
CVE-2012-6150
>= 3.3.10 and < 3.4.0
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_members
CVE-2013-4476
all versions
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a pr
CVE-2013-4475
>= 3.2.0 and < 3.6.20
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr
CVE-2013-4124
all versions
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.
CVE-2013-0454
<= 3.6.5
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1
CVE-2013-1863
all versions
Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default C
CVE-2013-0214
all versions
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x befo
CVE-2013-0213
all versions
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attac
CVE-2013-0172
all versions
Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control
CVE-2012-2111
all versions
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.
CVE-2012-1182
<= 3.4.15
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an
CVE-2012-0870
all versions
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook table
CVE-2012-0817
all versions
Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption)
CVE-2011-2411
all versions
Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is u
CVE-2011-2724
<= 3.5.10
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that th
CVE-2011-2694
>= 3.0.0 and < 3.3.16
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in S
CVE-2011-2522
>= 3.0.0 and < 3.3.16
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10
CVE-2011-1678
<= 3.5.8
smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to t
CVE-2011-1097
all versions
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a d
CVE-2011-0719
all versions
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use
CVE-2010-3069
>= 3.0.0 and <= 3.3.14
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to
CVE-2010-2063
>= 3.0.0 and <= 3.3.12
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before
CVE-2010-1642
<= 3.4.7
The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attack
CVE-2010-1635
<= 3.4.7
The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a deni
CVE-2010-0926
all versions
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exi
CVE-2010-0728
all versions
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows re
CVE-2010-0787
all versions
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a
CVE-2010-0547
<= 3.4.5
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier does not verify that the (1) device name and (2) mountpoint
CVE-2009-2948
>= 3.0.0 and < 3.0.37
mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid
CVE-2009-2906
< 3.0.37
smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to ca
CVE-2009-2813
all versions
Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac
CVE-2009-1888
>= 3.0.31 and <= 3.0.35
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.
CVE-2009-1886
all versions
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent
CVE-2009-0022
all versions
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a
CVE-2008-4314
all versions
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted
CVE-2008-3789
>= 3.2.0 and < 3.2.3
Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users t
CVE-2008-1105
>= 3.0.0 and <= 3.0.29
Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to
CVE-2008-1720
all versions
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute
CVE-2007-6015
all versions
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option
CVE-2007-5398
all versions
Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, wh
CVE-2007-4572
all versions
Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allo
CVE-2007-4138
all versions
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" o
CVE-2007-2407
all versions
The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dr
CVE-2007-2447
all versions
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell
CVE-2007-2446
all versions
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute
CVE-2007-2444
all versions
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain tempo
CVE-2007-0454
all versions
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execu
CVE-2007-0453
all versions
Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows
CVE-2007-0452
all versions
smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by
CVE-2006-3403
all versions
The smbd daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consum
CVE-2006-1059
all versions
The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows l
CVE-2004-1002
all versions
Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP p
7.5HIGH
CVE-2004-0930
all versions
The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial o
CVE-2004-0882
all versions
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary
CVE-2004-1154
all versions
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a deni
CVE-2004-2687
<= 2.18.3
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to
CVE-2004-2546
all versions
Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
CVE-2004-0829
all versions
smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNo
CVE-2004-0808
all versions
The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote at
CVE-2004-0815
all versions
The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolut
CVE-2004-0807
all versions
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain mal
CVE-2004-0686
>= 2.2.0 and < 2.2.10
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has
CVE-2004-0600
all versions
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary c
CVE-2004-0186
all versions
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba sh
CVE-2004-0082
all versions
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may o
CVE-2004-0028
all versions
jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands.
CVE-2003-1332
<= 2.2.7a
Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary
CVE-2003-0201
all versions
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and
CVE-2003-0196
all versions
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service
CVE-2003-0086
all versions
The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involvin
CVE-2003-0085
all versions
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before
CVE-2002-2196
<= 2.2.4
Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arb
CVE-2002-1318
all versions
Buffer overflow in Samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary c
CVE-2002-0080
< 2.5.3
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental
CVE-2001-0406
<= 2.0.7
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) t
CVE-2001-1162
all versions
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attacker
CVE-2000-0939
all versions
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting
CVE-2000-0938
all versions
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an
CVE-2000-0937
all versions
Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password
CVE-2000-0936
all versions
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allow
CVE-2000-0935
all versions
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cg
CVE-1999-0812
all versions
Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations.
CVE-1999-0811
all versions
Buffer overflow in Samba smbd program via a malformed message command.
CVE-1999-0810
all versions
Denial of service in Samba NETBIOS name service daemon (nmbd).
CVE-1999-1288
all versions
Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the
CVE-1999-0182
<= 1.9.17
Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin