Vulnerabilities > Samba

DATE CVE VULNERABILITY TITLE RISK
2020-12-03 CVE-2020-14318 Incorrect Privilege Assignment vulnerability in multiple products
A flaw was found in the way samba handled file and directory permissions.
network
low complexity
samba redhat CWE-266
4.0
2020-12-02 CVE-2020-14383 A flaw was found in samba's DNS server.
network
low complexity
samba redhat
4.0
2020-10-29 CVE-2020-14323 Improper Null Termination vulnerability in multiple products
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1.
local
low complexity
samba fedoraproject opensuse CWE-170
2.1
2020-09-09 CVE-2020-14342 OS Command Injection vulnerability in Samba Cifs-Utils
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands.
local
samba CWE-78
4.4
2020-08-17 CVE-2020-1472 Improper Privilege Management vulnerability in multiple products
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.
9.3
2020-07-07 CVE-2020-10745 Resource Exhaustion vulnerability in multiple products
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP.
network
low complexity
samba fedoraproject opensuse CWE-400
7.8
2020-07-07 CVE-2020-10730 USE After Free vulnerability in multiple products
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4.
network
low complexity
samba redhat opensuse fedoraproject CWE-416
4.0
2020-07-06 CVE-2020-10760 USE After Free vulnerability in multiple products
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration.
network
low complexity
samba canonical opensuse fedoraproject CWE-416
4.0
2020-07-06 CVE-2020-14303 Improper Input Validation vulnerability in multiple products
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4.
network
low complexity
samba fedoraproject opensuse CWE-20
5.0
2020-05-06 CVE-2020-10704 Classic Buffer Overflow vulnerability in multiple products
A flaw was found when using samba as an Active Directory Domain Controller.
network
low complexity
samba fedoraproject opensuse CWE-120
5.0