Search CVE reports
1 – 10 of 187 results
CVE-2020-25720
Medium priorityA vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2023-5568
Low priorityA heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-42670
Medium priorityA flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | — | Fixed | Not affected | Not affected | Not affected |
CVE-2023-42669
Medium prioritySome fixes available 6 of 9
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-4154
Medium prioritySome fixes available 6 of 9
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-4091
Medium prioritySome fixes available 6 of 9
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-3961
Medium priorityA path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-34968
Medium prioritySome fixes available 7 of 10
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
CVE-2023-34967
Medium priorityA Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | — | Fixed | Fixed | Not affected | Not affected |
CVE-2023-34966
Medium prioritySome fixes available 7 of 10
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the...
1 affected packages
samba
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
samba | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |