Vulnerabilities > Samba > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-11 | CVE-2021-43566 | Race Condition vulnerability in Samba All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. | 2.5 |
| 2019-08-05 | CVE-2019-3800 | Information Exposure vulnerability in multiple products CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. | 2.1 |
| 2018-11-28 | CVE-2018-16852 | NULL Pointer Dereference vulnerability in Samba 4.9.0/4.9.1/4.9.2 Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. | 3.5 |
| 2018-08-22 | CVE-2018-1140 | Improper Input Validation vulnerability in Samba A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. | 3.3 |
| 2018-03-13 | CVE-2018-1050 | NULL Pointer Dereference vulnerability in multiple products All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. | 3.3 |
| 2017-12-06 | CVE-2017-17433 | Missing Authorization vulnerability in multiple products The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before checking for a filename in the daemon_filter_list data structure, which allows remote attackers to bypass intended access restrictions. | 3.7 |
| 2014-06-23 | CVE-2014-0244 | Improper Input Validation vulnerability in Samba The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet. | 3.3 |
| 2014-05-28 | CVE-2014-0178 | Improper Initialization vulnerability in Samba Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain potentially sensitive information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request. | 3.5 |
| 2013-12-03 | CVE-2012-6150 | Improper Input Validation vulnerability in multiple products The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging an administrator's pam_winbind configuration-file mistake. | 3.6 |
| 2013-11-13 | CVE-2013-4476 | Cryptographic Issues vulnerability in Samba Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access to the local filesystem on an AD domain controller. | 1.2 |