Vulnerabilities > Samba > Samba > 4.2.14
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-12 | CVE-2017-2619 | Link Following vulnerability in multiple products Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition. | 6.0 |
2017-11-27 | CVE-2017-15275 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. | 5.0 |
2017-11-27 | CVE-2017-14746 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | 7.5 |
2017-07-13 | CVE-2017-11103 | Insufficient Verification of Data Authenticity vulnerability in multiple products Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. | 6.8 |
2017-06-06 | CVE-2017-9461 | Infinite Loop vulnerability in multiple products smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of service vulnerability (fd_open_atomic infinite loop with high CPU usage and memory consumption) due to wrongly handling dangling symlinks. | 6.5 |
2017-05-30 | CVE-2017-7494 | Code Injection vulnerability in multiple products Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. | 10.0 |
2017-05-11 | CVE-2016-2126 | Permissions, Privileges, and Access Controls vulnerability in Samba Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. | 4.0 |