Vulnerabilities > Samba > Samba > 4.3.13

DATE CVE VULNERABILITY TITLE RISK
2022-08-25 CVE-2022-32744 Authentication Bypass by Spoofing vulnerability in Samba
A flaw was found in Samba.
network
low complexity
samba CWE-290
8.8
8.8
2022-08-25 CVE-2022-32746 Use After Free vulnerability in Samba
A flaw was found in the Samba AD LDAP server.
network
low complexity
samba CWE-416
5.4
5.4
2022-08-23 CVE-2021-20316 Race Condition vulnerability in multiple products
A flaw was found in the way Samba handled file/directory metadata.
network
high complexity
samba debian redhat CWE-362
6.8
6.8
2022-08-23 CVE-2021-3670 MaxQueryDuration not honoured in Samba AD DC LDAP
network
low complexity
samba redhat fedoraproject
6.5
6.5
2022-03-02 CVE-2021-3738 Use After Free vulnerability in Samba
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'.
network
low complexity
samba CWE-416
8.8
8.8
2022-02-21 CVE-2021-44141 Link Following vulnerability in multiple products
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition.
network
low complexity
samba redhat fedoraproject CWE-59
4.3
4.3
2022-02-21 CVE-2021-44142 Out-of-bounds Write vulnerability in multiple products
The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. 		8.8
8.8
2022-02-18 CVE-2016-2124 Improper Authentication vulnerability in multiple products
A flaw was found in the way samba implemented SMB1 authentication.
network
high complexity
samba debian fedoraproject redhat canonical CWE-287
5.9
5.9
2022-02-18 CVE-2020-25717 Improper Input Validation vulnerability in multiple products
A flaw was found in the way Samba maps domain users to local users.
network
low complexity
samba debian fedoraproject redhat canonical CWE-20
8.1
8.1
2022-02-18 CVE-2020-25718 Missing Authorization vulnerability in multiple products
A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller).
network
low complexity
samba fedoraproject CWE-862
8.8
8.8