CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-14323 – samba: Unprivileged user can crash winbind
https://notcve.org/view.php?id=CVE-2020-14323
29 Oct 2020 — A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. Se encontró uno fallo de desreferencia del puntero null en el servicio Winbind de samba en versiones anteriores a 4.11.15, 4.12.9 y 4.13.1. Un usuario local podría utilizar este fallo para bloquear el servicio winbind causando una denegación de servicio A null pointer dereference flaw wa... • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html • CWE-170: Improper Null Termination CWE-476: NULL Pointer Dereference •
CVSS: 10.0EPSS: 94%CPEs: 25EXPL: 69CVE-2020-1472 – Microsoft Netlogon Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-1472
17 Aug 2020 — An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the... • https://packetstorm.news/files/id/180777 • CWE-287: Improper Authentication CWE-330: Use of Insufficiently Random Values •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2011-3585 – Samba mtab lock file race condition
https://notcve.org/view.php?id=CVE-2011-3585
31 Dec 2019 — Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists. Múltiples condiciones de carrera en los programas (1) mount.cifs y (2) umount.cifs en Samba versión 3.6, permiten a usuarios locales causar una denegación de servicio (interrupción del montaje) por medio de una señal SIGKILL durante una ventana de tiempo cuando existe el archivo /et... • https://bugzilla.redhat.com/show_bug.cgi?id=742907 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.5EPSS: 6%CPEs: 5EXPL: 0CVE-2019-10218 – samba: smb client vulnerable to filenames containing path separators
https://notcve.org/view.php?id=CVE-2019-10218
29 Oct 2019 — A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user. Se encontró un fallo en el cliente de samba, todas las versiones de samba anteriores a samba 4.11.2, 4.... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00015.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 3%CPEs: 10EXPL: 0CVE-2019-3880 – samba: save registry file outside share as unprivileged user
https://notcve.org/view.php?id=CVE-2019-3880
08 Apr 2019 — A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable. Se encontró un fallo en la forma en que samba implementó RPC endpoint, que emula la API de servicios de registro de Windows. Un atacante sin privilegios podría usar este ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00050.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 8%CPEs: 6EXPL: 0CVE-2019-3824 – Debian Security Advisory 4397-1
https://notcve.org/view.php?id=CVE-2019-3824
27 Feb 2019 — A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. Se ha detectado un fallo en la manera en la que una expresión de búsqueda LDAP podría provocar el cierre inesperado del proceso del servidor LDAP de un AD DC de samba en samba en versiones anteriores a la 4.10. Un usuario autenticado con permisos de lec... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00035.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 7%CPEs: 12EXPL: 0CVE-2018-10858 – samba: Insufficient input validation in libsmbclient
https://notcve.org/view.php?id=CVE-2018-10858
14 Aug 2018 — A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server could use this flaw to cause arbitrary code execution on a samba client. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable. Se ha descubierto un desbordamiento de búfer en la manera en la que los clientes de samba procesaban nombres de archivo excesivamente largos en un listado de directorios. Un servidor samba malicioso podría utilizar este defecto para provoca... • http://www.securityfocus.com/bid/105085 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 25%CPEs: 16EXPL: 0CVE-2018-1050 – samba: NULL pointer dereference in printer server process
https://notcve.org/view.php?id=CVE-2018-1050
13 Mar 2018 — All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. Todas las versiones de Samba, desde la 4.0.0 en adelante, son vulnerables a un ataque de denegación de servicio (DoS) cuando el servicio RPC spoolss se configura para ejecutarse como demonio externo. La falta de com... • http://www.securityfocus.com/bid/103387 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 44%CPEs: 15EXPL: 0CVE-2017-15275 – samba: Server heap-memory disclosure
https://notcve.org/view.php?id=CVE-2017-15275
21 Nov 2017 — Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory. Las versiones anteriores a la 4.7.3 de Samba podrían permitir que atacantes remotos obtengan información sensible aprovechando el error del servidor para borrar la memoria dinámica (heap) asignada. A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending specially-c... • http://www.securityfocus.com/bid/101908 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.4EPSS: 22%CPEs: 14EXPL: 0CVE-2017-12150 – samba: Some code path don't enforce smb signing, when they should
https://notcve.org/view.php?id=CVE-2017-12150
21 Sep 2017 — It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. Se ha descubierto que Samba en versiones anteriores a la 4.4.16, versiones 4.5.x anteriores a la 4.5.14 y versiones 4.6.x anteriores a la 4.6.8 no cumple "SMB signing" cuando están habilitadas determinadas opciones de configuración. Un atacante remoto ... • http://www.securityfocus.com/bid/100918 • CWE-300: Channel Accessible by Non-Endpoint •