Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
samba vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2001-0406
Samba prior to 2.2.0 allows local malicious users to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
Samba Samba
1 EDB exploit
4
CVSSv2
CVE-2019-12435
Samba 4.9.x prior to 4.9.9 and 4.10.x prior to 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.
Samba Samba
4
CVSSv2
CVE-2016-2126
Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with...
Samba Samba
NA
CVE-2022-32746
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAc...
Samba Samba
1.2
CVSSv2
CVE-2021-43566
All versions of Samba before 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via N...
Samba Samba
3.5
CVSSv2
CVE-2018-16852
Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of an DNS zone in the DNS management DCE/RPC server, the internal DNS server or the Samba DLZ plugin for BIND9, if the DSPROPERTY_ZONE_MASTER_SERVERS property or ...
Samba Samba
4.3
CVSSv2
CVE-2018-16857
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to doma...
Samba Samba
5
CVSSv2
CVE-2021-23192
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
Samba Samba
3.3
CVSSv2
CVE-2018-1140
A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards ...
Samba Samba
7.5
CVSSv2
CVE-2003-1332
Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and previous versions allows remote malicious users to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.
Samba Samba
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »