Vulnerabilities > Samba > Samba > 4.9.18

DATE CVE VULNERABILITY TITLE RISK
2023-11-07 CVE-2023-4154 Out-of-bounds Write vulnerability in Samba
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs).
network
low complexity
samba CWE-787
6.5
2023-11-06 CVE-2023-42669 A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements.
network
low complexity
samba redhat
6.5
2023-11-03 CVE-2023-3961 Path Traversal vulnerability in multiple products
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory.
network
low complexity
samba redhat fedoraproject CWE-22
critical
9.8
2023-11-03 CVE-2023-42670 A flaw was found in Samba.
network
low complexity
samba fedoraproject
6.5
2023-11-03 CVE-2023-4091 Incorrect Default Permissions vulnerability in multiple products
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes".
network
low complexity
samba fedoraproject redhat CWE-276
6.5
2023-10-25 CVE-2023-5568 Out-of-bounds Write vulnerability in Samba
A heap-based Buffer Overflow flaw was discovered in Samba.
network
low complexity
samba CWE-787
6.5
2023-07-20 CVE-2023-34966 Infinite Loop vulnerability in multiple products
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight.
network
low complexity
samba fedoraproject redhat debian CWE-835
7.5
2023-07-20 CVE-2023-34967 Type Confusion vulnerability in multiple products
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight.
network
low complexity
samba fedoraproject redhat debian CWE-843
5.3
2023-07-20 CVE-2023-34968 A path disclosure vulnerability was found in Samba.
network
low complexity
samba fedoraproject redhat debian
5.3
2023-04-03 CVE-2023-0922 Cleartext Transmission of Sensitive Information vulnerability in Samba
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
network
high complexity
samba CWE-319
5.9