Vulnerabilities > Samba > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-11-06 | CVE-2019-14847 | NULL Pointer Dereference vulnerability in multiple products A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. | 4.9 |
2019-11-06 | CVE-2019-14833 | Weak Password Requirements vulnerability in multiple products A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. | 5.4 |
2019-11-06 | CVE-2019-10218 | Path Traversal vulnerability in multiple products A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. | 6.5 |
2019-06-19 | CVE-2019-12436 | NULL Pointer Dereference vulnerability in multiple products Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. | 6.5 |
2019-06-19 | CVE-2019-12435 | NULL Pointer Dereference vulnerability in Samba Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. | 6.5 |
2019-04-09 | CVE-2019-3880 | Path Traversal vulnerability in multiple products A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. | 5.4 |
2019-04-09 | CVE-2019-3870 | Incorrect Default Permissions vulnerability in multiple products A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. | 6.1 |
2019-03-06 | CVE-2019-3824 | Out-of-bounds Read vulnerability in multiple products A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. | 6.5 |
2018-11-28 | CVE-2018-16857 | Improperly Implemented Security Check for Standard vulnerability in Samba 4.9.0/4.9.1/4.9.2 Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. | 5.9 |
2018-11-28 | CVE-2018-16853 | Resource Exhaustion vulnerability in Samba Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. | 5.9 |