Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
samba samba vulnerabilities and exploits
(subscribe to this query)
2.5
CVSSv3
CVE-2021-43566
All versions of Samba before 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via N...
Samba Samba
8.8
CVSSv3
CVE-2016-2123
A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the...
Samba Samba
NA
CVE-2009-2948
mount.cifs in Samba 3.0 prior to 3.0.37, 3.2 prior to 3.2.15, 3.3 prior to 3.3.8 and 3.4 prior to 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specify...
Samba Samba
NA
CVE-2003-1332
Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and previous versions allows remote malicious users to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201.
Samba Samba
6.5
CVSSv3
CVE-2023-4154
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes...
Samba Samba
8.8
CVSSv3
CVE-2020-25721
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.
Samba Samba
NA
CVE-2008-3789
Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.
Samba Samba
5.9
CVSSv3
CVE-2018-16853
Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba Team clarify that the MIT Kerberos build of the Samba AD DC is considered experime...
Samba Samba
5.9
CVSSv3
CVE-2018-16857
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to doma...
Samba Samba
8.8
CVSSv3
CVE-2021-3738
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the us...
Samba Samba
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »