samba

244 tracked vulnerabilities.

CVE-2021-20316 MEDIUM
Samba < 4.15.0 - Authenticated Race Condition in File/Directory Metadata Handling
Aug 23, 2022
CVSS 6.8
EPSS 0.01
CVE-2021-3738 HIGH
Samba 4.0.0-4.13.14 - Use-After-Free in DCE/RPC Association Groups
Mar 02, 2022
CVSS 8.8
EPSS 0.00
CVE-2021-23192 HIGH
Samba 4.10.0-4.13.13 - DCE/RPC Request Fragment Signature Bypass
Mar 02, 2022
CVSS 7.5
EPSS 0.00
CVE-2021-44141 MEDIUM
Samba < 4.15.5 - Unauthenticated Exposure of Sensitive Information via SMB1 Symlink
Feb 21, 2022
CVSS 4.3
EPSS 0.00
CVE-2021-44142 HIGH
Samba < 4.13.17 - Out-of-bounds Read and Write via Extended File Attributes
Feb 21, 2022
CVSS 8.8
EPSS 0.36
CVE-2021-43566 LOW
Samba < 4.13.16 - Directory Traversal
Jan 11, 2022
CVSS 2.5
EPSS 0.00
CVE-2021-3671 MEDIUM
Samba < 4.13.12 - Authenticated Denial of Service via Missing sname in TGS-REQ
Oct 12, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-20277 HIGH
Samba 4.0.0-4.12.12 - Denial of Service via LDAP Attribute with Leading Spaces
May 12, 2021
CVSS 7.5
EPSS 0.08
CVE-2021-20254 MEDIUM
Samba >=3.6.0 <4.12.15 - Out-of-bounds Read in Group Identity Mapping
May 05, 2021
CVSS 6.8
EPSS 0.02
CVE-2021-20208 MEDIUM
cifs-utils < 6.13 - Unauthenticated Kerberos Credential Exposure via Container Mount
Apr 19, 2021
CVSS 6.1
EPSS 0.00
CVE-2020-25721 HIGH
Samba 4.13.0-4.13.13 - Improper Input Validation in Kerberos Ticket Handling
Mar 16, 2022
CVSS 8.8
EPSS 0.00
CVE-2020-25722 HIGH
Samba >=4.0.0 <4.13.14 - Incorrect Authorization
Feb 18, 2022
CVSS 8.8
EPSS 0.00
CVE-2020-25719 HIGH
Samba 4.0.0-4.13.14 - Improper Authentication via Kerberos PAC Handling
Feb 18, 2022
CVSS 7.2
EPSS 0.00
CVE-2020-25718 HIGH
Samba 4.0.0-4.13.13 - Missing Authorization for RODC Administrator Ticket Printing
Feb 18, 2022
CVSS 8.8
EPSS 0.00
CVE-2020-25717 HIGH
Samba 3.0.0-4.13.13 - Authenticated Privilege Escalation via Domain User Mapping
Feb 18, 2022
CVSS 8.1
EPSS 0.01
CVE-2020-14387 HIGH
rsync 3.2.0pre1-3.2.3 - Unauthenticated Man-in-the-Middle via Certificate Hostname Mismatch
May 27, 2021
CVSS 7.4
EPSS 0.00
CVE-2020-27840 HIGH
Samba >=4.0.0 <4.12.13 - Out-of-bounds Read via Domain Name String Parsing
May 12, 2021
CVSS 7.5
EPSS 0.15
CVE-2020-14318 MEDIUM
Samba 3.6.0-4.11.14 - Authenticated Improper Privilege Management
Dec 03, 2020
CVSS 4.3
EPSS 0.00
CVE-2020-14383 MEDIUM
Samba 4.0.0-4.11.14 - Authenticated Denial of Service via DNS RPC Server
Dec 02, 2020
CVSS 6.5
EPSS 0.00
CVE-2020-17049 MEDIUM
Windows Server 2012, 2016, 2019 and Samba 4.1.0-4.13.12 - Security Feature Bypass in Kerberos Constrained Delegation
Nov 11, 2020
CVSS 6.6
EPSS 0.26
CVE-2020-14323 MEDIUM
Samba < 4.11.15 - Denial of Service via Winbind Null Pointer Dereference
Oct 29, 2020
CVSS 5.5
EPSS 0.00
CVE-2020-14342 MEDIUM
cifs-utils 5.6-6.10 - OS Command Injection via Samba Password Request
Sep 09, 2020
CVSS 4.4
EPSS 0.00
CVE-2020-1472 MEDIUM KEV
Netlogon Weak Cryptographic Authentication
Aug 17, 2020
CVSS 5.5
EPSS 0.94
CVE-2020-10745 HIGH
Samba < 4.10.17, < 4.11.11, < 4.12.4 - Denial of Service via NetBios over TCP/IP
Jul 07, 2020
CVSS 7.5
EPSS 0.20
CVE-2020-10730 MEDIUM
Samba <4.10.17-4.12.4 - Memory Corruption
Jul 07, 2020
CVSS 6.5
EPSS 0.03