Vulnerabilities > Samba > Samba > 4.0.2

DATE CVE VULNERABILITY TITLE RISK
2021-05-05 CVE-2021-20254 A flaw was found in samba.
network
high complexity
samba fedoraproject redhat debian
6.8
6.8
2020-12-03 CVE-2020-14318 A flaw was found in the way samba handled file and directory permissions.
network
low complexity
samba redhat
4.3
4.3
2020-12-02 CVE-2020-14383 A flaw was found in samba's DNS server.
network
low complexity
samba redhat
6.5
6.5
2020-10-29 CVE-2020-14323 NULL Pointer Dereference vulnerability in multiple products
A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1.
local
low complexity
samba opensuse fedoraproject debian CWE-476
5.5
5.5
2020-07-07 CVE-2020-10745 Resource Exhaustion vulnerability in multiple products
A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP.
network
low complexity
samba fedoraproject opensuse debian CWE-400
7.5
7.5
2020-05-06 CVE-2020-10704 Uncontrolled Recursion vulnerability in multiple products
A flaw was found when using samba as an Active Directory Domain Controller.
network
low complexity
samba fedoraproject opensuse debian CWE-674
7.5
7.5
2020-01-21 CVE-2019-14902 There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.
network
low complexity
samba canonical opensuse debian
5.4
5.4
2019-12-10 CVE-2019-14870 Improper Authentication vulnerability in multiple products
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. 		5.4
5.4
2019-12-10 CVE-2019-14861 All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones.
network
high complexity
samba fedoraproject canonical opensuse debian
5.3
5.3
2019-11-06 CVE-2019-14847 NULL Pointer Dereference vulnerability in multiple products
A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10.
network
low complexity
samba opensuse fedoraproject CWE-476
4.9
4.9