| Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-4408 | 8.3 |
Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote AD domain controllers to execute arbitrary code via
|
13-02-2023 - 04:46 | 10-12-2013 - 06:14 | |
| CVE-2015-0240 | 10.0 |
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execu
|
13-02-2023 - 00:45 | 24-02-2015 - 01:59 | |
| CVE-2014-3493 | 2.7 |
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a Unicode pathname wi
|
13-02-2023 - 00:39 | 23-06-2014 - 14:55 | |
| CVE-2012-6150 | 3.6 |
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended a
|
01-09-2022 - 16:34 | 03-12-2013 - 19:55 | |
| CVE-2013-4475 | 4.0 |
Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restrictions by leveraging ACL differences between a file an
|
01-09-2022 - 16:34 | 13-11-2013 - 15:55 | |
| CVE-2014-0178 | 3.5 |
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows remote authenticated users to obtain po
|
01-09-2022 - 16:34 | 28-05-2014 - 04:58 | |
| CVE-2013-4496 | 5.0 |
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) S
|
29-08-2022 - 20:04 | 14-03-2014 - 10:55 | |
| CVE-2014-0239 | 5.0 |
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via
|
29-08-2022 - 20:04 | 28-05-2014 - 04:58 | |
| CVE-2013-4124 | 5.0 |
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
|
30-10-2018 - 16:27 | 06-08-2013 - 02:56 | |
| CVE-2014-0244 | 3.3 |
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
|
09-10-2018 - 19:41 | 23-06-2014 - 14:55 | |
| CVE-2013-4476 | 1.2 |
Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information by reading the key file, as demonstrated by access t
|
03-03-2015 - 02:59 | 13-11-2013 - 15:55 |