4.1.13

DATE	CVE	VULNERABILITY TITLE	RISK
2022-01-11	CVE-2021-43566	Race Condition vulnerability in Samba All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. local high complexity samba CWE-362	2.5
2021-10-12	CVE-2021-3671	NULL Pointer Dereference vulnerability in multiple products A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). network low complexity samba debian netapp CWE-476	6.5
2021-05-12	CVE-2020-27840	Out-of-bounds Read vulnerability in multiple products A flaw was found in samba. network low complexity samba debian fedoraproject CWE-125	7.5
2021-05-12	CVE-2021-20277	Out-of-bounds Write vulnerability in multiple products A flaw was found in Samba's libldb. network low complexity samba debian fedoraproject CWE-787	7.5
2021-05-05	CVE-2021-20254	Out-of-bounds Read vulnerability in multiple products A flaw was found in samba. network high complexity samba fedoraproject redhat debian CWE-125	6.8
2020-12-03	CVE-2020-14318	Incorrect Privilege Assignment vulnerability in multiple products A flaw was found in the way samba handled file and directory permissions. network low complexity samba redhat CWE-266	4.3
2020-12-02	CVE-2020-14383	A flaw was found in samba's DNS server. network low complexity samba redhat	6.5
2020-11-11	CVE-2020-17049	Incorrect Authorization vulnerability in multiple products <p>A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).</p> <p>To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it.</p> <p>The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.</p> network high complexity microsoft samba CWE-863	6.6
2020-10-29	CVE-2020-14323	NULL Pointer Dereference vulnerability in multiple products A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. local low complexity samba opensuse fedoraproject debian CWE-476	5.5
2020-08-17	CVE-2020-1472	Use of Insufficiently Random Values vulnerability in multiple products An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). local low complexity microsoft fedoraproject opensuse canonical synology samba debian oracle CWE-330	5.5