Max CVSS | 8.3 | Min CVSS | 2.7 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-4408 | 8.3 |
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via
|
13-02-2023 - 04:46 | 10-12-2013 - 06:14 | |
CVE-2014-3493 | 2.7 |
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname wi
|
13-02-2023 - 00:39 | 23-06-2014 - 14:55 | |
CVE-2012-6150 | 3.6 |
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended a
|
01-09-2022 - 16:34 | 03-12-2013 - 19:55 | |
CVE-2013-4475 | 4.0 |
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file an
|
01-09-2022 - 16:34 | 13-11-2013 - 15:55 | |
CVE-2014-0178 | 3.5 |
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain po
|
01-09-2022 - 16:34 | 28-05-2014 - 04:58 | |
CVE-2013-4496 | 5.0 |
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) S
|
29-08-2022 - 20:04 | 14-03-2014 - 10:55 | |
CVE-2014-3560 | 7.9 |
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the u
|
22-04-2019 - 17:48 | 06-08-2014 - 18:55 | |
CVE-2013-4124 | 5.0 |
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
|
30-10-2018 - 16:27 | 06-08-2013 - 02:56 | |
CVE-2014-0244 | 3.3 |
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
|
09-10-2018 - 19:41 | 23-06-2014 - 14:55 | |
CVE-2013-6442 | 5.8 |
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circu
|
07-01-2017 - 02:59 | 14-03-2014 - 10:55 |