High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-05-27	CVE-2020-14387	Improper Validation of Certificate with Host Mismatch vulnerability in Samba Rsync A flaw was found in rsync in versions since 3.2.0pre1. network high complexity samba CWE-297	7.4
2021-05-12	CVE-2020-27840	Out-of-bounds Read vulnerability in multiple products A flaw was found in samba. network low complexity samba debian fedoraproject CWE-125	7.5
2021-05-12	CVE-2021-20277	Out-of-bounds Write vulnerability in multiple products A flaw was found in Samba's libldb. network low complexity samba debian fedoraproject CWE-787	7.5
2020-09-09	CVE-2020-14342	OS Command Injection vulnerability in multiple products It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. local high complexity samba fedoraproject opensuse CWE-78	7.0
2020-07-07	CVE-2020-10745	Resource Exhaustion vulnerability in multiple products A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. network low complexity samba fedoraproject opensuse debian CWE-400	7.5
2020-07-06	CVE-2020-14303	Excessive Iteration vulnerability in multiple products A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. network low complexity samba fedoraproject opensuse debian canonical CWE-834	7.5
2020-05-06	CVE-2020-10704	Uncontrolled Recursion vulnerability in multiple products A flaw was found when using samba as an Active Directory Domain Controller. network low complexity samba fedoraproject opensuse debian CWE-674	7.5
2019-08-05	CVE-2019-3800	Information Exposure vulnerability in multiple products CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. local low complexity pivotal apigee newrelic microsoft appdynamics bluemedora contrastsecurity cyberark datadoghq datastax dynatrace forgerock google ibm pagerduty riverbed signalsciences wavefront tibco solace snyk samba splunk sumologic synopsys yugabyte anynines CWE-200	7.8
2019-07-31	CVE-2018-16860	Improperly Implemented Security Check for Standard vulnerability in multiple products A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. network high complexity samba heimdal-project CWE-358	7.5
2018-11-01	CVE-2016-2123	Heap-based Buffer Overflow vulnerability in Samba A flaw was found in samba versions 4.0.0 to 4.5.2. network low complexity samba CWE-122	8.8