Vulnerabilities > Samba > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-12 | CVE-2020-27840 | Out-of-bounds Read vulnerability in multiple products A flaw was found in samba. | 7.5 |
2021-05-12 | CVE-2021-20277 | Out-of-bounds Write vulnerability in multiple products A flaw was found in Samba's libldb. | 7.5 |
2020-09-09 | CVE-2020-14342 | OS Command Injection vulnerability in multiple products It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. | 7.0 |
2020-07-07 | CVE-2020-10745 | Resource Exhaustion vulnerability in multiple products A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. | 7.5 |
2020-07-06 | CVE-2020-14303 | Excessive Iteration vulnerability in multiple products A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. | 7.5 |
2020-05-06 | CVE-2020-10704 | Uncontrolled Recursion vulnerability in multiple products A flaw was found when using samba as an Active Directory Domain Controller. | 7.5 |
2018-11-01 | CVE-2016-2123 | Heap-based Buffer Overflow vulnerability in Samba A flaw was found in samba versions 4.0.0 to 4.5.2. | 8.8 |
2018-07-26 | CVE-2017-12163 | Information Exposure vulnerability in multiple products An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. | 7.1 |
2018-01-17 | CVE-2018-5764 | The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism. | 7.5 |
2017-11-27 | CVE-2017-14746 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | 7.5 |