Vulnerabilities > Samba > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-03 | CVE-2023-0922 | Cleartext Transmission of Sensitive Information vulnerability in Samba. The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. | 5.9 |
2023-04-03 | CVE-2023-0614 | Cleartext Storage of Sensitive Information vulnerability in Samba. The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 (Confidential attribute disclosure via LDAP filters) was insufficient, and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. | 6.5 |
2023-03-06 | CVE-2021-20251 | Race Condition vulnerability in multiple products. A flaw was found in Samba. | 5.9 |
2023-01-17 | CVE-2018-14628 | An information leak vulnerability was discovered in Samba's LDAP server. | 4.3 |
2023-01-12 | CVE-2022-3437 | A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. | 6.5 |
2023-01-12 | CVE-2022-3592 | Link Following vulnerability in multiple products. A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. | 6.5 |
2022-12-18 | CVE-2022-4603 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samba PPP. A vulnerability classified as problematic has been found in ppp. | 6.5 |
2022-09-01 | CVE-2022-1615 | Use of Insufficiently Random Values vulnerability in multiple products. In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. | 5.5 |
2022-08-25 | CVE-2022-32742 | Unspecified vulnerability in Samba. A flaw was found in Samba. | 4.3 |
2022-08-25 | CVE-2022-32746 | Use After Free vulnerability in Samba. A flaw was found in the Samba AD LDAP server. | 5.4 |