Vulnerabilities > Samba > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-07 | CVE-2023-4154 | Out-of-bounds Write vulnerability in Samba A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). | 6.5 |
2023-11-06 | CVE-2023-42669 | A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. | 6.5 |
2023-11-03 | CVE-2023-42670 | A flaw was found in Samba. | 6.5 |
2023-11-03 | CVE-2023-4091 | Incorrect Default Permissions vulnerability in multiple products A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". | 6.5 |
2023-10-25 | CVE-2023-5568 | Out-of-bounds Write vulnerability in Samba A heap-based Buffer Overflow flaw was discovered in Samba. | 6.5 |
2023-07-20 | CVE-2022-2127 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. | 5.9 |
2023-07-20 | CVE-2023-34967 | Type Confusion vulnerability in multiple products A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. | 5.3 |
2023-07-20 | CVE-2023-34968 | Information Exposure Through Sent Data vulnerability in multiple products A path disclosure vulnerability was found in Samba. | 5.3 |
2023-07-20 | CVE-2023-3347 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in multiple products A vulnerability was found in Samba's SMB2 packet signing mechanism. | 5.9 |
2023-04-03 | CVE-2023-0225 | Incorrect Permission Assignment for Critical Resource vulnerability in Samba A flaw was found in Samba. | 4.3 |