Vulnerabilities > Samba > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-09 CVE-2020-14342 OS Command Injection vulnerability in multiple products
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands.
local
high complexity
samba fedoraproject opensuse CWE-78
7.0
2020-07-07 CVE-2020-10745 Resource Exhaustion vulnerability in multiple products
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP.
network
low complexity
samba fedoraproject opensuse debian CWE-400
7.5
2020-07-06 CVE-2020-14303 Excessive Iteration vulnerability in multiple products
A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4.
7.5
2020-05-06 CVE-2020-10704 Uncontrolled Recursion vulnerability in multiple products
A flaw was found when using samba as an Active Directory Domain Controller.
network
low complexity
samba fedoraproject opensuse debian CWE-674
7.5
2019-08-05 CVE-2019-3800 Information Exposure vulnerability in multiple products
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag.
7.8
2019-07-31 CVE-2018-16860 Improperly Implemented Security Check for Standard vulnerability in multiple products
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode.
network
high complexity
samba heimdal-project CWE-358
7.5
2018-11-01 CVE-2016-2123 Unspecified vulnerability in Samba
A flaw was found in samba versions 4.0.0 to 4.5.2.
network
low complexity
samba
8.8
2018-08-22 CVE-2018-10858 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing.
network
low complexity
debian canonical samba redhat CWE-119
8.8
2018-08-22 CVE-2018-1139 Insufficiently Protected Credentials vulnerability in multiple products
A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled.
network
high complexity
samba redhat canonical CWE-522
8.1
2018-07-27 CVE-2017-12151 Cryptographic Issues vulnerability in multiple products
A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3.
network
high complexity
samba redhat debian hp CWE-310
7.4