Vulnerabilities > Samba > Samba > 4.15.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-25 | CVE-2022-32744 | Authentication Bypass by Spoofing vulnerability in Samba A flaw was found in Samba. | 8.8 |
2022-08-25 | CVE-2022-32745 | Use of Uninitialized Resource vulnerability in Samba A flaw was found in Samba. | 8.1 |
2022-08-25 | CVE-2022-32746 | Use After Free vulnerability in Samba A flaw was found in the Samba AD LDAP server. | 5.4 |
2022-08-23 | CVE-2021-3670 | MaxQueryDuration not honoured in Samba AD DC LDAP | 6.5 |
2022-02-21 | CVE-2021-44141 | Link Following vulnerability in multiple products All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. | 4.3 |
2022-02-21 | CVE-2021-44142 | Out-of-bounds Write vulnerability in multiple products The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. | 8.8 |