4.9.6

DATE	CVE	VULNERABILITY TITLE	RISK
2019-12-10	CVE-2019-14861	Incorrect Default Permissions vulnerability in multiple products All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. network high complexity samba fedoraproject canonical opensuse debian CWE-276	5.3
2019-11-06	CVE-2019-14847	NULL Pointer Dereference vulnerability in multiple products A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. network low complexity samba opensuse fedoraproject CWE-476	4.9
2019-11-06	CVE-2019-14833	Weak Password Requirements vulnerability in multiple products A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. network low complexity samba opensuse fedoraproject CWE-521	5.4
2019-11-06	CVE-2019-10218	Path Traversal vulnerability in multiple products A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. network low complexity samba fedoraproject CWE-22	6.5
2019-09-03	CVE-2019-10197	Path Traversal vulnerability in multiple products A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. network low complexity samba debian canonical CWE-22 critical	9.1
2019-07-31	CVE-2018-16860	Improperly Implemented Security Check for Standard vulnerability in multiple products A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. network samba heimdal-project CWE-358	6.0
2019-06-19	CVE-2019-12435	NULL Pointer Dereference vulnerability in Samba Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. network low complexity samba CWE-476	6.5
2019-03-06	CVE-2019-3824	Out-of-bounds Read vulnerability in multiple products A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. network low complexity samba canonical debian CWE-125	4.0