Vulnerabilities > Samba

DATE CVE VULNERABILITY TITLE RISK
2023-11-07 CVE-2023-4154 Out-of-bounds Write vulnerability in Samba
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs).
network
low complexity
samba CWE-787
6.5
2023-11-06 CVE-2023-42669 A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements.
network
low complexity
samba redhat
6.5
2023-11-03 CVE-2023-3961 Path Traversal vulnerability in multiple products
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory.
network
low complexity
samba redhat fedoraproject CWE-22
critical
9.8
2023-11-03 CVE-2023-42670 A flaw was found in Samba.
network
low complexity
samba fedoraproject
6.5
2023-11-03 CVE-2023-4091 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes".
network
low complexity
samba fedoraproject redhat CWE-276
6.5
2023-10-25 CVE-2023-5568 Out-of-bounds Write vulnerability in Samba
A heap-based Buffer Overflow flaw was discovered in Samba.
network
low complexity
samba CWE-787
6.5
2023-07-20 CVE-2022-2127 Out-of-bounds Read vulnerability in multiple products
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c.
network
high complexity
samba redhat fedoraproject debian CWE-125
5.9
2023-07-20 CVE-2023-34966 Infinite Loop vulnerability in multiple products
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight.
network
low complexity
samba fedoraproject redhat debian CWE-835
7.5
2023-07-20 CVE-2023-34967 Type Confusion vulnerability in multiple products
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight.
network
low complexity
samba fedoraproject redhat debian CWE-843
5.3
2023-07-20 CVE-2023-34968 Information Exposure Through Sent Data vulnerability in multiple products
A path disclosure vulnerability was found in Samba.
network
low complexity
samba fedoraproject redhat debian CWE-201
5.3