Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 187 results


CVE-2023-3347

Medium priority
Fixed

A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing...

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-2127

Medium priority

Some fixes available 7 of 10

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These...

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Fixed Fixed Fixed Needs evaluation Needs evaluation
Show less packages

CVE-2023-0922

Medium priority

Some fixes available 7 of 10

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Fixed Fixed Fixed Vulnerable Vulnerable
Show less packages

CVE-2023-0614

Medium priority

Some fixes available 9 of 15

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.

2 affected packages

ldb, samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldb Not in release Fixed Fixed Vulnerable Vulnerable
samba Fixed Fixed Fixed Vulnerable Vulnerable
Show less packages

CVE-2023-0225

Medium priority
Fixed

A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Not affected Not affected Not affected Not affected
Show less packages

CVE-2018-14628

Low priority

Some fixes available 2 of 10

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the...

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Fixed Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2022-3592

Medium priority
Not affected

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file...

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-42898

Medium priority

Some fixes available 13 of 22

PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which...

3 affected packages

heimdal, krb5, samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
heimdal Vulnerable Vulnerable Fixed Fixed Fixed
krb5 Not affected Fixed Fixed Fixed Fixed
samba Not affected Fixed Fixed Vulnerable Needs evaluation
Show less packages

CVE-2022-44640

Medium priority

Some fixes available 4 of 10

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).

2 affected packages

heimdal, samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
heimdal Vulnerable Vulnerable Fixed Fixed Fixed
samba Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-45141

Medium priority

Some fixes available 2 of 4

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue...

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Not affected Fixed Fixed Vulnerable Needs evaluation
Show less packages