Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2010-3069 | 7.5 |
Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file
|
13-02-2023 - 04:21 | 15-09-2010 - 18:00 | |
CVE-2010-2063 | 7.5 |
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arb
|
13-02-2023 - 04:19 | 17-06-2010 - 16:30 | |
CVE-2015-0240 | 10.0 |
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execu
|
13-02-2023 - 00:45 | 24-02-2015 - 01:59 | |
CVE-2014-3493 | 2.7 |
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname wi
|
13-02-2023 - 00:39 | 23-06-2014 - 14:55 | |
CVE-2011-2724 | 1.2 |
The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid characters, which allows local users to cause a denia
|
13-02-2023 - 00:19 | 06-09-2011 - 16:55 | |
CVE-2013-4475 | 4.0 |
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file an
|
01-09-2022 - 16:34 | 13-11-2013 - 15:55 | |
CVE-2016-2118 | 6.8 |
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersona
|
29-08-2022 - 20:20 | 12-04-2016 - 23:59 | |
CVE-2013-4496 | 5.0 |
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) S
|
29-08-2022 - 20:04 | 14-03-2014 - 10:55 | |
CVE-2017-7494 | 10.0 |
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
|
16-08-2022 - 13:02 | 30-05-2017 - 18:29 | |
CVE-2013-4124 | 5.0 |
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
|
30-10-2018 - 16:27 | 06-08-2013 - 02:56 | |
CVE-2012-1182 | 10.0 |
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execut
|
30-10-2018 - 16:25 | 10-04-2012 - 21:55 | |
CVE-2011-0719 | 5.0 |
Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite
|
30-10-2018 - 16:25 | 01-03-2011 - 23:00 | |
CVE-2012-2111 | 6.5 |
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges da
|
05-01-2018 - 02:29 | 30-04-2012 - 14:55 | |
CVE-2010-0787 | 4.4 |
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.
|
17-08-2017 - 01:32 | 02-03-2010 - 18:30 |