Vulnerabilities > Samba > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-11-06 CVE-2019-14847 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10.
network
low complexity
samba opensuse fedoraproject CWE-476
4.9
2019-11-06 CVE-2019-14833 Weak Password Requirements vulnerability in multiple products
A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user.
network
low complexity
samba opensuse fedoraproject CWE-521
5.4
2019-11-06 CVE-2019-10218 Path Traversal vulnerability in multiple products
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators.
network
low complexity
samba fedoraproject CWE-22
6.5
2019-06-19 CVE-2019-12436 NULL Pointer Dereference vulnerability in multiple products
Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service.
network
low complexity
samba canonical CWE-476
6.5
2019-06-19 CVE-2019-12435 NULL Pointer Dereference vulnerability in Samba
Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service.
network
low complexity
samba CWE-476
6.5
2019-04-09 CVE-2019-3880 Path Traversal vulnerability in multiple products
A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API.
network
low complexity
samba debian redhat fedoraproject opensuse CWE-22
5.4
2019-04-09 CVE-2019-3870 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2.
local
low complexity
samba fedoraproject synology CWE-276
6.1
2019-03-06 CVE-2019-3824 Out-of-bounds Read vulnerability in multiple products
A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10.
network
low complexity
samba debian canonical CWE-125
6.5
2018-11-28 CVE-2018-16857 Improperly Implemented Security Check for Standard vulnerability in Samba 4.9.0/4.9.1/4.9.2
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all.
network
high complexity
samba CWE-358
5.9
2018-11-28 CVE-2018-16853 Resource Exhaustion vulnerability in Samba
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration.
network
high complexity
samba CWE-400
5.9