Vulnerabilities > Samba > Samba > 3.5.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2023-3961 | Path Traversal vulnerability in multiple products A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. | 9.8 |
| 2023-11-03 | CVE-2023-42670 | A flaw was found in Samba. | 6.5 |
| 2023-11-03 | CVE-2023-4091 | Incorrect Default Permissions vulnerability in multiple products A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". | 6.5 |
| 2023-10-25 | CVE-2023-5568 | Out-of-bounds Write vulnerability in Samba A heap-based Buffer Overflow flaw was discovered in Samba. | 6.5 |
| 2023-07-20 | CVE-2023-34966 | Infinite Loop vulnerability in multiple products An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. | 7.5 |
| 2023-07-20 | CVE-2023-34967 | Type Confusion vulnerability in multiple products A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. | 5.3 |
| 2023-07-20 | CVE-2023-34968 | Information Exposure Through Sent Data vulnerability in multiple products A path disclosure vulnerability was found in Samba. | 5.3 |
| 2022-12-25 | CVE-2022-42898 | Integer Overflow or Wraparound vulnerability in multiple products PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. | 8.8 |
| 2022-08-25 | CVE-2022-2031 | Improper Authentication vulnerability in Samba A flaw was found in Samba. | 8.8 |
| 2022-08-25 | CVE-2022-32742 | Unspecified vulnerability in Samba A flaw was found in Samba. | 4.3 |