3.6.2

DATE	CVE	VULNERABILITY TITLE	RISK
2022-08-23	CVE-2021-20316	Race Condition vulnerability in multiple products A flaw was found in the way Samba handled file/directory metadata. network high complexity samba debian redhat CWE-362	6.8
2022-02-21	CVE-2021-44141	Link Following vulnerability in multiple products All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. network low complexity samba redhat fedoraproject CWE-59	4.3
2022-02-21	CVE-2021-44142	Out-of-bounds Write vulnerability in multiple products The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. network low complexity samba debian canonical synology fedoraproject redhat CWE-787	8.8
2022-02-18	CVE-2016-2124	Improper Authentication vulnerability in multiple products A flaw was found in the way samba implemented SMB1 authentication. network high complexity samba debian fedoraproject redhat canonical CWE-287	5.9
2022-02-18	CVE-2020-25717	Improper Input Validation vulnerability in multiple products A flaw was found in the way Samba maps domain users to local users. network low complexity samba debian fedoraproject redhat canonical CWE-20	8.1
2022-01-11	CVE-2021-43566	Race Condition vulnerability in Samba All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. local high complexity samba CWE-362	2.5
2021-10-12	CVE-2021-3671	NULL Pointer Dereference vulnerability in multiple products A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). network low complexity samba debian netapp CWE-476	6.5
2021-05-05	CVE-2021-20254	Out-of-bounds Read vulnerability in multiple products A flaw was found in samba. network high complexity samba fedoraproject redhat debian CWE-125	6.8
2020-12-03	CVE-2020-14318	Incorrect Privilege Assignment vulnerability in multiple products A flaw was found in the way samba handled file and directory permissions. network low complexity samba redhat CWE-266	4.3
2020-10-29	CVE-2020-14323	NULL Pointer Dereference vulnerability in multiple products A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. local low complexity samba opensuse fedoraproject debian CWE-476	5.5