Vulnerabilities > Samba > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-20 | CVE-2023-34966 | Infinite Loop vulnerability in multiple products An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. | 7.5 |
| 2022-12-25 | CVE-2022-42898 | Integer Overflow or Wraparound vulnerability in multiple products PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. | 8.8 |
| 2022-11-09 | CVE-2022-37966 | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | 8.1 |
| 2022-11-09 | CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability | 7.2 |
| 2022-11-09 | CVE-2022-38023 | Netlogon RPC Elevation of Privilege Vulnerability | 8.1 |
| 2022-09-01 | CVE-2022-32743 | Incorrect Default Permissions vulnerability in multiple products Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | 7.5 |
| 2022-08-29 | CVE-2022-0336 | Incorrect Default Permissions vulnerability in multiple products The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. | 8.8 |
| 2022-08-25 | CVE-2022-2031 | Improper Authentication vulnerability in Samba A flaw was found in Samba. | 8.8 |
| 2022-08-25 | CVE-2022-32744 | Authentication Bypass by Spoofing vulnerability in Samba A flaw was found in Samba. | 8.8 |
| 2022-08-25 | CVE-2022-32745 | Use of Uninitialized Resource vulnerability in Samba A flaw was found in Samba. | 8.1 |