Vulnerabilities in SAMBA
17 results

CVE-2017-7494 | CRITICAL | Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious cli | EPSS 99.4% | KEV
CVE-2021-44142 | HIGH | The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and intero | EPSS 74.0%
CVE-2017-12150 | HIGH | It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration | EPSS 13.2%
CVE-2017-2619 | — | Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the serv | EPSS 11.2%
CVE-2018-1057 | — | On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LD | EPSS 10.3%
CVE-2017-12163 | MEDIUM | An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4. | EPSS 7.6%
CVE-2018-1050 | — | All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run a | EPSS 6.7%
CVE-2017-12151 | HIGH | A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3 | EPSS 4.6%
CVE-2019-10218 | MEDIUM | A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a path | EPSS 3.5%
CVE-2019-10197 | MEDIUM | A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters w | EPSS 3.2%
CVE-2018-16860 | HIGH | A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up t | EPSS 2.5%
CVE-2019-14847 | MEDIUM | A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync res | EPSS 2.4%
CVE-2019-14833 | MEDIUM | A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user | EPSS 2.1%
CVE-2020-14342 | MEDIUM | It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary co | EPSS 0.7%
CVE-2026-41035 | HIGH | In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. T | EPSS 0.3%
CVE-2011-3585 | — | Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mou | EPSS 0.3%
CVE-2024-58250 | CRITICAL | The passprompt plugin in pppd in ppp before 2.5.2 mishandles privileges. | EPSS 0.2%