Vulnerabilities > Samba

DATE CVE VULNERABILITY TITLE RISK
2020-08-17 CVE-2020-1472 Use of Insufficiently Random Values vulnerability in multiple products
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC).
5.5
2020-07-07 CVE-2020-10745 Resource Exhaustion vulnerability in multiple products
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP.
network
low complexity
samba fedoraproject opensuse debian CWE-400
7.5
2020-07-07 CVE-2020-10730 Use After Free vulnerability in multiple products
A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4.
network
low complexity
samba redhat opensuse fedoraproject debian CWE-416
6.5
2020-07-06 CVE-2020-10760 Use After Free vulnerability in multiple products
A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in a AC DC configuration.
network
low complexity
samba canonical opensuse fedoraproject CWE-416
6.5
2020-07-06 CVE-2020-14303 Excessive Iteration vulnerability in multiple products
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4.
7.5
2020-05-06 CVE-2020-10704 Uncontrolled Recursion vulnerability in multiple products
A flaw was found when using samba as an Active Directory Domain Controller.
network
low complexity
samba fedoraproject opensuse debian CWE-674
7.5
2020-05-04 CVE-2020-10700 Use After Free vulnerability in multiple products
A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control.
network
high complexity
samba fedoraproject opensuse CWE-416
5.3
2020-01-21 CVE-2019-19344 Use After Free vulnerability in multiple products
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
network
low complexity
samba canonical synology opensuse CWE-416
6.5
2020-01-21 CVE-2019-14907 Out-of-bounds Read vulnerability in multiple products
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed.
6.5
2020-01-21 CVE-2019-14902 There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.
network
low complexity
samba canonical opensuse debian
5.4