Vulnerabilities > Samba > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-03 CVE-2023-0922 Cleartext Transmission of Sensitive Information vulnerability in Samba
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
network
high complexity
samba CWE-319
5.9
2023-04-03 CVE-2023-0614 Cleartext Storage of Sensitive Information vulnerability in Samba
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
network
low complexity
samba CWE-312
6.5
2023-03-06 CVE-2021-20251 Race Condition vulnerability in multiple products
A flaw was found in samba.
network
high complexity
samba fedoraproject CWE-362
5.9
2023-01-17 CVE-2018-14628 An information leak vulnerability was discovered in Samba's LDAP server.
network
low complexity
samba fedoraproject
4.3
2023-01-12 CVE-2022-3437 A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal.
network
low complexity
samba fedoraproject
6.5
2023-01-12 CVE-2022-3592 Link Following vulnerability in multiple products
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path.
network
low complexity
samba fedoraproject CWE-59
6.5
2022-12-18 CVE-2022-4603 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samba PPP
A vulnerability classified as problematic has been found in ppp.
network
low complexity
samba CWE-119
6.5
2022-09-01 CVE-2022-1615 Use of Insufficiently Random Values vulnerability in multiple products
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
local
low complexity
samba fedoraproject CWE-330
5.5
2022-08-25 CVE-2022-32742 Unspecified vulnerability in Samba
A flaw was found in Samba.
network
low complexity
samba
4.3
2022-08-25 CVE-2022-32746 Use After Free vulnerability in Samba
A flaw was found in the Samba AD LDAP server.
network
low complexity
samba CWE-416
5.4