Vulnerabilities > Samba > Samba > 4.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-18 | CVE-2020-25719 | Race Condition vulnerability in multiple products A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. | 7.2 |
2022-02-18 | CVE-2020-25722 | Incorrect Authorization vulnerability in multiple products Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. | 8.8 |
2022-01-11 | CVE-2021-43566 | Race Condition vulnerability in Samba All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. | 2.5 |
2021-10-12 | CVE-2021-3671 | NULL Pointer Dereference vulnerability in multiple products A null pointer de-reference was found in the way samba kerberos server handled missing sname in TGS-REQ (Ticket Granting Server - Request). | 6.5 |
2021-05-12 | CVE-2020-27840 | Out-of-bounds Read vulnerability in multiple products A flaw was found in samba. | 7.5 |
2021-05-12 | CVE-2021-20277 | Out-of-bounds Write vulnerability in multiple products A flaw was found in Samba's libldb. | 7.5 |
2021-05-05 | CVE-2021-20254 | Out-of-bounds Read vulnerability in multiple products A flaw was found in samba. | 6.8 |
2020-12-03 | CVE-2020-14318 | Incorrect Privilege Assignment vulnerability in multiple products A flaw was found in the way samba handled file and directory permissions. | 4.3 |
2020-12-02 | CVE-2020-14383 | A flaw was found in samba's DNS server. | 6.5 |
2020-11-11 | CVE-2020-17049 | Incorrect Authorization vulnerability in multiple products <p>A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD).</p> <p>To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it.</p> <p>The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.</p> | 6.6 |