Vulnerabilities > Samba

| Date | CVE | Vulnerability title | Description | Vendors | CWE | Risk (vector, complexity, score) |
|---|---|---|---|---|---|---|
| 2021-05-27 | CVE-2020-14387 | Improper Validation of Certificate with Host Mismatch vulnerability in Samba Rsync | A flaw was found in rsync in versions since 3.2.0pre1. | samba | CWE-297 | network, high complexity, 7.4 |
| 2021-05-12 | CVE-2020-27840 | Out-of-bounds Read vulnerability in multiple products | A flaw was found in samba. | samba, debian, fedoraproject | CWE-125 | network, low complexity, 7.5 |
| 2021-05-12 | CVE-2021-20277 | Out-of-bounds Write vulnerability in multiple products | A flaw was found in Samba's libldb. | samba, debian, fedoraproject | CWE-787 | network, low complexity, 7.5 |
| 2021-05-05 | CVE-2021-20254 | Out-of-bounds Read vulnerability in multiple products | A flaw was found in samba. | samba, fedoraproject, redhat, debian | CWE-125 | network, high complexity, 6.8 |
| 2021-04-19 | CVE-2021-20208 | Improper Privilege Management vulnerability in multiple products | A flaw was found in cifs-utils in versions before 6.13. | samba, redhat, fedoraproject | CWE-269 | local, high complexity, 6.1 |
| 2020-12-03 | CVE-2020-14318 | Incorrect Privilege Assignment vulnerability in multiple products | A flaw was found in the way samba handled file and directory permissions. | samba, redhat | CWE-266 | network, low complexity, 4.3 |
| 2020-12-02 | CVE-2020-14383 | | A flaw was found in samba's DNS server. | samba, redhat | | network, low complexity, 6.5 |
| 2020-11-11 | CVE-2020-17049 | Incorrect Authorization vulnerability in multiple products | A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD. | microsoft, samba | CWE-863 | network, high complexity, 6.6 |
| 2020-10-29 | CVE-2020-14323 | NULL Pointer Dereference vulnerability in multiple products | A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. | samba, opensuse, fedoraproject, debian | CWE-476 | local, low complexity, 5.5 |
| 2020-09-09 | CVE-2020-14342 | OS Command Injection vulnerability in multiple products | It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. | samba, fedoraproject, opensuse | CWE-78 | local, high complexity, 7.0 |