Samba

Samba

217 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 2.5%
  • Veröffentlicht 28.05.2026 07:25:27
  • Zuletzt bearbeitet 03.07.2026 13:17:25

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client...

  • EPSS 0.86%
  • Veröffentlicht 27.05.2026 12:28:44
  • Zuletzt bearbeitet 03.07.2026 13:16:58

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point m...

  • EPSS 0.94%
  • Veröffentlicht 27.05.2026 12:09:32
  • Zuletzt bearbeitet 02.07.2026 20:17:02

A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an...

  • EPSS 0.26%
  • Veröffentlicht 27.05.2026 10:02:21
  • Zuletzt bearbeitet 03.07.2026 13:17:10

A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without prop...

Medienbericht
  • EPSS 12.8%
  • Veröffentlicht 26.05.2026 13:56:32
  • Zuletzt bearbeitet 30.06.2026 03:20:33

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remot...

Medienbericht
  • EPSS 40.12%
  • Veröffentlicht 07.11.2025 19:42:06
  • Zuletzt bearbeitet 29.06.2026 21:16:31

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shel...

  • EPSS 0.6%
  • Veröffentlicht 06.06.2025 13:10:07
  • Zuletzt bearbeitet 30.06.2026 00:16:49

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again.

  • EPSS 0.48%
  • Veröffentlicht 17.11.2024 11:15:04
  • Zuletzt bearbeitet 27.04.2026 21:16:21

A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creatio...

  • EPSS 1.15%
  • Veröffentlicht 07.11.2023 20:15:08
  • Zuletzt bearbeitet 21.11.2024 08:34:29

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right...

  • EPSS 1.72%
  • Veröffentlicht 06.11.2023 07:15:09
  • Zuletzt bearbeitet 21.11.2024 08:22:55

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpc...