Vulnerabilities > Samba

DATE CVE VULNERABILITY TITLE RISK
2019-06-19 CVE-2019-12435 NULL Pointer Dereference vulnerability in Samba
Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service.
network
low complexity
samba CWE-476
6.5
6.5
2019-04-09 CVE-2019-3880 Path Traversal vulnerability in multiple products
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API.
network
low complexity
samba debian redhat fedoraproject opensuse CWE-22
5.4
5.4
2019-04-09 CVE-2019-3870 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2.
local
low complexity
samba fedoraproject synology CWE-276
6.1
6.1
2019-03-06 CVE-2019-3824 Out-of-bounds Read vulnerability in multiple products
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10.
network
low complexity
samba canonical debian CWE-125
4.0
4.0
2018-11-28 CVE-2018-16857 Improperly Implemented Security Check for Standard vulnerability in Samba 4.9.0/4.9.1/4.9.2
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all.
network
samba CWE-358
4.3
4.3
2018-11-28 CVE-2018-16853 Resource Exhaustion vulnerability in Samba
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration.
network
samba CWE-400
4.3
4.3
2018-11-28 CVE-2018-16852 NULL Pointer Dereference vulnerability in Samba 4.9.0/4.9.1/4.9.2
Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference.
network
samba CWE-476
3.5
3.5
2018-11-28 CVE-2018-16851 NULL Pointer Dereference vulnerability in multiple products
Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service.
network
low complexity
samba canonical debian CWE-476
4.0
4.0
2018-11-28 CVE-2018-16841 Double Free vulnerability in multiple products
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service.
network
low complexity
samba canonical debian CWE-415
4.0
4.0
2018-11-28 CVE-2018-14629 Infinite Loop vulnerability in multiple products
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3.
network
low complexity
samba canonical debian CWE-835
4.0
4.0