Vulnerabilities: Samba cifs-utils 6.10

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-04-28 | CVE-2022-29869 | Information Exposure Through Log Files vulnerability in multiple products | cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. | network | low | samba, fedoraproject, debian | CWE-532 | 5.3 |
| 2022-04-27 | CVE-2022-27239 | Out-of-bounds Write vulnerability in multiple products | In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. | local | low | samba, debian, suse, hp, fedoraproject | CWE-787 | 7.8 |
| 2021-04-19 | CVE-2021-20208 | Improper Privilege Management vulnerability in multiple products | A flaw was found in cifs-utils in versions before 6.13. | local | high | samba, redhat, fedoraproject | CWE-269 | 6.1 |
| 2020-09-09 | CVE-2020-14342 | OS Command Injection vulnerability in multiple products | It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. | local | high | samba, fedoraproject, opensuse | CWE-78 | 7.0 |