| Max CVSS | 5.1 | Min CVSS | 2.7 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-3493 | 2.7 |
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname wi
|
13-02-2023 - 00:39 | 23-06-2014 - 14:55 | |
| CVE-2013-4475 | 4.0 |
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file an
|
01-09-2022 - 16:34 | 13-11-2013 - 15:55 | |
| CVE-2014-0178 | 3.5 |
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain po
|
01-09-2022 - 16:34 | 28-05-2014 - 04:58 | |
| CVE-2015-5252 | 5.0 |
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points o
|
29-08-2022 - 20:26 | 29-12-2015 - 22:59 | |
| CVE-2015-5296 | 4.3 |
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-s
|
29-08-2022 - 20:06 | 29-12-2015 - 22:59 | |
| CVE-2015-5299 | 5.0 |
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote att
|
29-08-2022 - 20:04 | 29-12-2015 - 22:59 | |
| CVE-2013-4496 | 5.0 |
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) S
|
29-08-2022 - 20:04 | 14-03-2014 - 10:55 | |
| CVE-2013-0213 | 5.1 |
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. Per: http://capec.mitre.org/data/definitions
|
30-10-2018 - 16:25 | 02-02-2013 - 20:55 | |
| CVE-2013-0214 | 5.1 |
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging kn
|
30-10-2018 - 16:25 | 02-02-2013 - 20:55 | |
| CVE-2014-0244 | 3.3 |
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
|
09-10-2018 - 19:41 | 23-06-2014 - 14:55 |