Vulnerabilities > Samba

DATE CVE VULNERABILITY TITLE RISK
2022-04-28 CVE-2022-29869 Exposure of Resource to Wrong Sphere vulnerability in Samba Cifs-Utils
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
network
samba CWE-668
4.3
2022-04-27 CVE-2022-27239 Out-of-bounds Write vulnerability in multiple products
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.
local
low complexity
samba debian suse hp CWE-787
7.2
2022-03-16 CVE-2020-25721 Improper Input Validation vulnerability in Samba
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid).
network
low complexity
samba CWE-20
6.5
2022-03-02 CVE-2021-23192 Unspecified vulnerability in Samba
A flaw was found in the way samba implemented DCE/RPC.
network
low complexity
samba
5.0
2022-03-02 CVE-2021-3738 Use After Free vulnerability in Samba
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'.
network
low complexity
samba CWE-416
6.5
2022-02-21 CVE-2021-44141 Link Following vulnerability in multiple products
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition.
3.5
2022-02-21 CVE-2021-44142 Out-of-bounds Write vulnerability in multiple products
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes.
network
low complexity
samba debian canonical synology fedoraproject redhat CWE-787
critical
9.0
2022-02-18 CVE-2016-2124 Improper Authentication vulnerability in multiple products
A flaw was found in the way samba implemented SMB1 authentication.
4.3
2022-02-18 CVE-2020-25717 Improper Input Validation vulnerability in multiple products
A flaw was found in the way Samba maps domain users to local users.
network
low complexity
samba debian fedoraproject redhat canonical CWE-20
8.5
2022-02-18 CVE-2020-25718 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller).
network
low complexity
samba fedoraproject CWE-732
6.5