CVE-2015-8467
- EPSS 3.13%
- Veröffentlicht 29.12.2015 22:59:07
- Zuletzt bearbeitet 06.05.2026 22:30:45
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, wh...
CVE-2015-7540
- EPSS 7.12%
- Veröffentlicht 29.12.2015 22:59:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via cra...
CVE-2015-5330
- EPSS 6.11%
- Veröffentlicht 29.12.2015 22:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending craft...
CVE-2015-5299
- EPSS 13.58%
- Veröffentlicht 29.12.2015 22:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote att...
CVE-2015-5296
- EPSS 7.26%
- Veröffentlicht 29.12.2015 22:59:02
- Zuletzt bearbeitet 06.05.2026 22:30:45
Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-s...
CVE-2015-5252
- EPSS 13.27%
- Veröffentlicht 29.12.2015 22:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points o...
CVE-2015-3223
- EPSS 6.88%
- Veröffentlicht 29.12.2015 22:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a deni...
- EPSS 87.64%
- Veröffentlicht 24.02.2015 01:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which allows remote attackers to execu...
CVE-2014-8143
- EPSS 4.26%
- Veröffentlicht 17.01.2015 02:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequent...
CVE-2014-3560
- EPSS 56.38%
- Veröffentlicht 06.08.2014 18:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an incorrect variable in the u...