samba

244 tracked vulnerabilities.

CVE-2026-29518 HIGH
Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write
May 20, 2026
CVSS 7.0
EPSS 0.00

CVE-2026-45232 LOW
Rsync < 3.4.3 Off-by-One Stack Write via HTTP Proxy
May 20, 2026
CVSS 3.1
EPSS 0.00

CVE-2026-43620 MEDIUM
Rsync < 3.4.3 Out-of-Bounds Array Read via recv_files()
May 20, 2026
CVSS 6.5
EPSS 0.00

CVE-2026-43619 MEDIUM
Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls
May 20, 2026
CVSS 6.3
EPSS 0.00

CVE-2026-43618 HIGH
Rsync < 3.4.3 Integer Overflow Information Disclosure
May 20, 2026
CVSS 8.1
EPSS 0.00

CVE-2026-43617 MEDIUM
Rsync < 3.4.3 Authorization Bypass via Hostname Resolution
May 20, 2026
CVSS 4.8
EPSS 0.00

CVE-2026-41035 HIGH
rsync 3.0.1-3.4.1 - Use-After-Free via Untrusted Length Value in receive_xattr
Apr 16, 2026
CVSS 7.4
EPSS 0.00

CVE-2025-0620 MEDIUM
Samba 4.21.0-4.21.5 - Unauthenticated File Share Exposure via Session Reauthentication
Jun 06, 2025
CVSS 4.9
EPSS 0.00

CVE-2024-58250 CRITICAL
ppp < 2.5.2 - Privilege Escalation via Passprompt Plugin
Apr 22, 2025
CVSS 9.3
EPSS 0.00

CVE-2024-12084 CRITICAL
rsync - Heap-based Buffer Overflow via Checksum Length Handling
Jan 15, 2025
CVSS 9.8
EPSS 0.03

CVE-2024-12088 MEDIUM
rsync < 3.3.0 - Path Traversal and Arbitrary File Write via Symbolic Link Verification Bypass
Jan 14, 2025
CVSS 6.5
EPSS 0.03

CVE-2024-12087 MEDIUM
rsync < 3.3.0 - Path Traversal via --inc-recursive Symlink Handling
Jan 14, 2025
CVSS 6.5
EPSS 0.03

CVE-2024-12086 MEDIUM
rsync < 3.3.0 - Arbitrary File Read via Checksum Manipulation
Jan 14, 2025
CVSS 6.1
EPSS 0.01

CVE-2024-12085 HIGH
rsync < 3.3.0 - Information Disclosure via Checksum Length Manipulation
Jan 14, 2025
CVSS 7.5
EPSS 0.19

CVE-2023-4154 HIGH
Samba 4.0.0-4.17.11 - Unprotected User Data Exposure via DirSync Control
Nov 07, 2023
CVSS 7.5
EPSS 0.00

CVE-2023-42669 MEDIUM
Samba >=4.0.0 <4.17.12 - Authenticated Denial of Service via rpcecho TestSleep Function
Nov 06, 2023
CVSS 6.5
EPSS 0.01

CVE-2023-3961 CRITICAL
Samba < 4.17.12 - Path Traversal via Client Pipe Name
Nov 03, 2023
CVSS 9.1
EPSS 0.02

CVE-2023-4091 MEDIUM
Samba < 4.17.12 - Unauthorized File Truncation via SMB Overwrite Create Disposition
Nov 03, 2023
CVSS 6.5
EPSS 0.00

CVE-2023-42670 MEDIUM
Samba < 4.17.12 - Denial of Service via Incompatible RPC Listener Competition
Nov 03, 2023
CVSS 6.5
EPSS 0.00

CVE-2023-5568 MEDIUM
Samba < 4.19.2 - Authenticated Heap-based Buffer Overflow
Oct 25, 2023
CVSS 5.9
EPSS 0.07

CVE-2023-3347 MEDIUM
Samba 4.17.0-4.17.9 - Improper Enforcement of Message Integrity in SMB2 Packet Signing
Jul 20, 2023
CVSS 5.9
EPSS 0.00

CVE-2023-34968 MEDIUM
Samba < 4.16.11 - Path Disclosure via Spotlight Protocol
Jul 20, 2023
CVSS 5.3
EPSS 0.02

CVE-2023-34967 MEDIUM
Samba < 4.16.11 - Denial of Service via mdssvc RPC Spotlight Type Confusion
Jul 20, 2023
CVSS 5.3
EPSS 0.19

CVE-2023-34966 HIGH
Samba < 4.16.11 - Denial of Service via Spotlight mdssvc RPC Packet Parsing
Jul 20, 2023
CVSS 7.5
EPSS 0.14

CVE-2023-0922 MEDIUM
Samba >=4.0.0 <4.16.10 - Cleartext Transmission of Sensitive Information via LDAP Password Operations
Apr 03, 2023
CVSS 5.9
EPSS 0.00