Samba Vulnerabilities: Medium Risk

DATE CVE VULNERABILITY TITLE RISK
2018-11-28 CVE-2018-16857 Improperly Implemented Security Check for Standard vulnerability in Samba 4.9.0/4.9.1/4.9.2
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all.
network
high complexity
samba CWE-358
5.9
2018-11-28 CVE-2018-16853 Resource Exhaustion vulnerability in Samba
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration.
network
high complexity
samba CWE-400
5.9
2018-11-28 CVE-2018-16852 NULL Pointer Dereference vulnerability in Samba 4.9.0/4.9.1/4.9.2
Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer dereference.
network
high complexity
samba CWE-476
4.4
2018-11-28 CVE-2018-16851 NULL Pointer Dereference vulnerability in multiple products
Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service.
network
low complexity
samba canonical debian CWE-476
6.5
2018-11-28 CVE-2018-16841 Double Free vulnerability in multiple products
Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 is vulnerable to a denial of service.
network
low complexity
samba canonical debian CWE-415
6.5
2018-11-28 CVE-2018-14629 Infinite Loop vulnerability in multiple products
A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3.
network
low complexity
samba canonical debian CWE-835
6.5
2018-10-31 CVE-2016-2125 Improper Input Validation vulnerability in multiple products
It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication.
low complexity
samba redhat CWE-20
6.5
2018-08-22 CVE-2018-10919 Information Exposure vulnerability in multiple products
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks.
network
low complexity
canonical debian samba CWE-200
6.5
2018-08-22 CVE-2018-10918 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference flaw was found in the way Samba checked database outputs from the LDB database layer.
network
low complexity
canonical samba CWE-476
6.5
2018-08-22 CVE-2018-1140 Improper Input Validation vulnerability in Samba
A missing input sanitization flaw was found in the implementation of the LDB database used for the LDAP server.
low complexity
samba CWE-20
6.5