Vulnerabilities > Samba

DATE	CVE	VULNERABILITY TITLE	RISK
2022-08-23	CVE-2021-20316	Race Condition vulnerability in multiple products A flaw was found in the way Samba handled file/directory metadata. network high complexity samba debian redhat CWE-362	6.8
2022-08-23	CVE-2021-3670	MaxQueryDuration not honoured in Samba AD DC LDAP network low complexity samba redhat fedoraproject	6.5
2022-08-02	CVE-2022-29154	Improper Input Validation vulnerability in multiple products An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. network high complexity samba fedoraproject CWE-20	7.4
2022-04-28	CVE-2022-29869	Information Exposure Through Log Files vulnerability in multiple products cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. network low complexity samba fedoraproject debian CWE-532	5.3
2022-04-27	CVE-2022-27239	Out-of-bounds Write vulnerability in multiple products In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. local low complexity samba debian suse hp fedoraproject CWE-787	7.8
2022-03-16	CVE-2020-25721	Improper Input Validation vulnerability in Samba Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). network low complexity samba CWE-20	8.8
2022-03-02	CVE-2021-23192	Unspecified vulnerability in Samba A flaw was found in the way samba implemented DCE/RPC. network low complexity samba	7.5
2022-03-02	CVE-2021-3738	Use After Free vulnerability in Samba In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. network low complexity samba CWE-416	8.8
2022-02-21	CVE-2021-44141	Link Following vulnerability in multiple products All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. network low complexity samba redhat fedoraproject CWE-59	4.3
2022-02-21	CVE-2021-44142	Out-of-bounds Write vulnerability in multiple products The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. network low complexity samba debian canonical synology fedoraproject redhat CWE-787	8.8

Vulnerabilities > Samba {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Samba"}]}

Vulnerabilities > Samba