Filtered by vendor Samba
Subscribe
Total
236 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-1999-0811 | 1 Samba | 1 Samba | 2025-04-03 | 5.0 MEDIUM | N/A |
| Buffer overflow in Samba smbd program via a malformed message command. | |||||
| CVE-2003-1332 | 2 Linux, Samba | 2 Linux Kernel, Samba | 2025-04-03 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201. | |||||
| CVE-2004-1002 | 2 Canonical, Samba | 2 Ubuntu Linux, Ppp | 2025-04-03 | 5.0 MEDIUM | 7.5 HIGH |
| Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location. | |||||
| CVE-2004-0829 | 1 Samba | 1 Samba | 2025-04-03 | 5.0 MEDIUM | N/A |
| smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2. | |||||
| CVE-2004-0028 | 1 Samba | 1 Jitterbug | 2025-04-03 | 7.5 HIGH | N/A |
| jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands. | |||||
| CVE-1999-0810 | 1 Samba | 1 Samba | 2025-04-03 | 10.0 HIGH | N/A |
| Denial of service in Samba NETBIOS name service daemon (nmbd). | |||||
| CVE-1999-0182 | 1 Samba | 1 Samba | 2025-04-03 | 10.0 HIGH | N/A |
| Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. | |||||
| CVE-2004-0082 | 1 Samba | 1 Samba | 2025-04-03 | 7.5 HIGH | N/A |
| The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. | |||||
| CVE-2004-2687 | 2 Apple, Samba | 2 Xcode, Samba | 2025-04-03 | 9.3 HIGH | N/A |
| distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. | |||||
| CVE-2001-1162 | 2 Hp, Samba | 2 Cifs-9000 Server, Samba | 2025-04-03 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file. | |||||
| CVE-2003-0196 | 5 Compaq, Hp, Samba and 2 more | 7 Tru64, Cifs-9000 Server, Hp-ux and 4 more | 2025-04-03 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201. | |||||
| CVE-1999-1288 | 4 Caldera, Redhat, Samba and 1 more | 4 Openlinux, Linux, Samba and 1 more | 2025-04-03 | 4.6 MEDIUM | N/A |
| Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program. | |||||
| CVE-2000-0939 | 1 Samba | 1 Samba | 2025-04-03 | 5.0 MEDIUM | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart. | |||||
| CVE-2002-2196 | 1 Samba | 1 Samba | 2025-04-03 | 7.5 HIGH | N/A |
| Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack. | |||||
| CVE-2000-0936 | 1 Samba | 1 Samba | 2025-04-03 | 2.1 LOW | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. | |||||
| CVE-2004-1154 | 4 Redhat, Samba, Suse and 1 more | 4 Fedora Core, Samba, Suse Linux and 1 more | 2025-04-03 | 10.0 HIGH | N/A |
| Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. | |||||
| CVE-2022-45141 | 1 Samba | 1 Samba | 2025-03-06 | N/A | 9.8 CRITICAL |
| Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). | |||||
| CVE-2023-0225 | 1 Samba | 1 Samba | 2025-02-18 | N/A | 4.3 MEDIUM |
| A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. | |||||
| CVE-2023-0922 | 1 Samba | 1 Samba | 2025-02-13 | N/A | 5.9 MEDIUM |
| The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. | |||||
| CVE-2023-0614 | 1 Samba | 1 Samba | 2025-02-13 | N/A | 6.5 MEDIUM |
| The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. | |||||