CVSS: 8.8EPSS: 1%CPEs: 163EXPL: 0CVE-2013-0214 – samba: cross-site request forgery vulnerability in SWAT
https://notcve.org/view.php?id=CVE-2013-0214
02 Feb 2013 — Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en el Samba Web Administration Tool (SWAT)en Samba v3.x anterior a v3.5.21, v3.6.x anterior a v3.6.12, y v4.... • http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00019.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-0172
https://notcve.org/view.php?id=CVE-2013-0172
17 Jan 2013 — Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute. Samba v4.0.x antes de v4.0.1, en ??algunas configuraciones de Active Directory del controlador de dominio, no i... • http://www.samba.org/samba/security/CVE-2013-0172 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 37EXPL: 0CVE-2012-2111 – samba: Incorrect permission checks when granting/removing privileges
https://notcve.org/view.php?id=CVE-2012-2111
30 Apr 2012 — The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection. El (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, y (4) RemoveAccountRights LSA RPC procedimientos en smbd de Samba v3.4.x anterior a v3.4.... • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079662.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 75%CPEs: 144EXPL: 1CVE-2012-1182 – Samba ReportEventW Heap Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1182
10 Apr 2012 — The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. El generador de código RPC de Samba 3.x anteriores a 3.4.16, 3.5.x anteriores a 3.5.14, y 3.6.x anteriores a 3.6.4 no implementa la validación de una longitud de array de una manera consistente con la validación de la res... • https://www.exploit-db.com/exploits/21850 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 2%CPEs: 3EXPL: 0CVE-2012-0817
https://notcve.org/view.php?id=CVE-2012-0817
30 Jan 2012 — Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests. Fallo de memoria en smbd en Samba v3.6.x anterior a 3.6.3 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria y CPU)realizando numerosas peticiones de conexión. • http://lists.fedoraproject.org/pipermail/package-announce/2012-February/072930.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •