Vulnerabilities > Samba > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-02 | CVE-2021-23192 | Unspecified vulnerability in Samba A flaw was found in the way samba implemented DCE/RPC. | 7.5 |
2022-03-02 | CVE-2021-3738 | Use After Free vulnerability in Samba In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. | 8.8 |
2022-02-21 | CVE-2021-44142 | Out-of-bounds Write vulnerability in multiple products The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. | 8.8 |
2022-02-18 | CVE-2020-25717 | Improper Input Validation vulnerability in multiple products A flaw was found in the way Samba maps domain users to local users. | 8.1 |
2022-02-18 | CVE-2020-25718 | Missing Authorization vulnerability in multiple products A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). | 8.8 |
2022-02-18 | CVE-2020-25719 | Race Condition vulnerability in multiple products A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. | 7.2 |
2022-02-18 | CVE-2020-25722 | Incorrect Authorization vulnerability in multiple products Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. | 8.8 |
2021-05-27 | CVE-2020-14387 | Unspecified vulnerability in Samba Rsync A flaw was found in rsync in versions since 3.2.0pre1. | 7.4 |
2021-05-12 | CVE-2020-27840 | A flaw was found in samba. | 7.5 |
2021-05-12 | CVE-2021-20277 | Out-of-bounds Write vulnerability in multiple products A flaw was found in Samba's libldb. | 7.5 |