Vulnerabilities > Samba > Samba > 4.3.13
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-06 | CVE-2019-3824 | Out-of-bounds Read vulnerability in multiple products A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. | 4.0 |
| 2018-11-28 | CVE-2018-16851 | NULL Pointer Dereference vulnerability in multiple products Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. | 4.0 |
| 2018-11-28 | CVE-2018-16841 | Double Free vulnerability in multiple products Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. | 4.0 |
| 2018-11-28 | CVE-2018-14629 | Infinite Loop vulnerability in multiple products A denial of service vulnerability was discovered in Samba's LDAP server before versions 4.7.12, 4.8.7, and 4.9.3. | 4.0 |
| 2018-08-22 | CVE-2018-10919 | Information Exposure vulnerability in multiple products The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. | 4.0 |
| 2018-08-22 | CVE-2018-10858 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. | 6.5 |
| 2018-07-27 | CVE-2017-12151 | Cryptographic Issues vulnerability in multiple products A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. | 5.8 |
| 2018-07-26 | CVE-2017-12150 | It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. | 5.8 |
| 2018-07-26 | CVE-2017-12163 | Information Exposure vulnerability in multiple products An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. | 7.1 |
| 2018-03-13 | CVE-2018-1057 | Incorrect Authorization vulnerability in multiple products On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). | 6.5 |