Filtered by vendor Samba
Subscriptions
Filtered by product Samba
Subscriptions
Total
209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4154 | 2 Redhat, Samba | 3 Enterprise Linux, Storage, Samba | 2024-08-02 | 7.5 High |
| A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence. | ||||
| CVE-2023-0922 | 1 Samba | 1 Samba | 2024-08-02 | 5.9 Medium |
| The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. | ||||
| CVE-2023-0614 | 1 Samba | 1 Samba | 2024-08-02 | 6.5 Medium |
| The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. | ||||
| CVE-2023-0225 | 1 Samba | 1 Samba | 2024-08-02 | 4.3 Medium |
| A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. | ||||
| CVE-1999-1288 | 4 Caldera, Redhat, Samba and 1 more | 4 Openlinux, Linux, Samba and 1 more | 2024-08-01 | N/A |
| Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program. | ||||
| CVE-1999-0811 | 1 Samba | 1 Samba | 2024-08-01 | N/A |
| Buffer overflow in Samba smbd program via a malformed message command. | ||||
| CVE-1999-0812 | 1 Samba | 1 Samba | 2024-08-01 | N/A |
| Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. | ||||
| CVE-1999-0810 | 1 Samba | 1 Samba | 2024-08-01 | N/A |
| Denial of service in Samba NETBIOS name service daemon (nmbd). | ||||
| CVE-1999-0182 | 1 Samba | 1 Samba | 2024-08-01 | N/A |
| Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. | ||||