4.0.11

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-21	CVE-2021-44142	Out-of-bounds Write vulnerability in multiple products The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. network low complexity samba debian canonical synology fedoraproject redhat CWE-787	8.8
2022-02-18	CVE-2016-2124	Improper Authentication vulnerability in multiple products A flaw was found in the way samba implemented SMB1 authentication. network high complexity samba debian fedoraproject redhat canonical CWE-287	5.9
2022-02-18	CVE-2020-25717	Improper Input Validation vulnerability in multiple products A flaw was found in the way Samba maps domain users to local users. network low complexity samba debian fedoraproject redhat canonical CWE-20	8.1
2022-02-18	CVE-2020-25718	Missing Authorization vulnerability in multiple products A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). network low complexity samba fedoraproject CWE-862	8.8
2022-02-18	CVE-2020-25719	Race Condition vulnerability in multiple products A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. network low complexity samba debian fedoraproject canonical redhat CWE-362	7.2
2022-02-18	CVE-2020-25722	Incorrect Authorization vulnerability in multiple products Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. network low complexity samba debian fedoraproject canonical CWE-863	8.8
2022-01-11	CVE-2021-43566	Race Condition vulnerability in Samba All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. local high complexity samba CWE-362	2.5
2021-10-12	CVE-2021-3671	NULL Pointer Dereference vulnerability in multiple products A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). network low complexity samba debian netapp CWE-476	6.5
2021-05-12	CVE-2020-27840	Out-of-bounds Read vulnerability in multiple products A flaw was found in samba. network low complexity samba debian fedoraproject CWE-125	7.5
2021-05-12	CVE-2021-20277	Out-of-bounds Write vulnerability in multiple products A flaw was found in Samba's libldb. network low complexity samba debian fedoraproject CWE-787	7.5