Vulnerabilities > Samba > Samba > 4.11.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-03 | CVE-2023-0614 | Cleartext Storage of Sensitive Information vulnerability in Samba The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. | 6.5 |
| 2023-03-06 | CVE-2021-20251 | Race Condition vulnerability in multiple products A flaw was found in samba. | 5.9 |
| 2023-01-17 | CVE-2018-14628 | Missing Authorization vulnerability in multiple products An information leak vulnerability was discovered in Samba's LDAP server. | 4.3 |
| 2023-01-12 | CVE-2022-3437 | Heap-based Buffer Overflow vulnerability in multiple products A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. | 6.5 |
| 2022-12-25 | CVE-2022-42898 | Integer Overflow or Wraparound vulnerability in multiple products PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. | 8.8 |
| 2022-09-01 | CVE-2022-1615 | Use of Insufficiently Random Values vulnerability in multiple products In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. | 5.5 |
| 2022-09-01 | CVE-2022-32743 | Incorrect Default Permissions vulnerability in multiple products Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | 7.5 |
| 2022-08-29 | CVE-2022-0336 | Incorrect Default Permissions vulnerability in multiple products The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. | 8.8 |
| 2022-08-25 | CVE-2022-2031 | Improper Authentication vulnerability in Samba A flaw was found in Samba. | 8.8 |
| 2022-08-25 | CVE-2022-32742 | Unspecified vulnerability in Samba A flaw was found in Samba. | 4.3 |