3.6.2

DATE	CVE	VULNERABILITY TITLE	RISK
2020-08-17	CVE-2020-1472	Use of Insufficiently Random Values vulnerability in multiple products An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). local low complexity microsoft fedoraproject opensuse canonical synology samba debian oracle CWE-330	5.5
2019-11-06	CVE-2019-10218	Path Traversal vulnerability in multiple products A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. network low complexity samba fedoraproject CWE-22	6.5
2019-04-09	CVE-2019-3880	Path Traversal vulnerability in multiple products A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. network low complexity samba debian redhat fedoraproject opensuse CWE-22	5.4
2019-03-06	CVE-2019-3824	Out-of-bounds Read vulnerability in multiple products A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. network low complexity samba canonical debian CWE-125	4.0
2018-10-31	CVE-2016-2125	Improper Input Validation vulnerability in multiple products It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. low complexity samba redhat CWE-20	6.5
2018-08-22	CVE-2018-10858	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. network low complexity debian canonical samba redhat CWE-119	6.5
2018-07-27	CVE-2017-12151	Cryptographic Issues vulnerability in multiple products A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. network samba debian redhat hp CWE-310	5.8
2018-07-26	CVE-2017-12150	It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. network samba redhat debian	5.8
2018-07-26	CVE-2017-12163	Information Exposure vulnerability in multiple products An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. low complexity samba redhat debian CWE-200	7.1
2018-03-13	CVE-2018-1050	NULL Pointer Dereference vulnerability in multiple products All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. low complexity canonical samba debian redhat CWE-476	3.3