- EPSS 69.01%
- Veröffentlicht 06.08.2013 02:56:00
- Zuletzt bearbeitet 29.04.2026 01:13:23
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
- EPSS 2.98%
- Veröffentlicht 26.03.2013 21:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated u...
- EPSS 2.16%
- Veröffentlicht 19.03.2013 17:55:02
- Zuletzt bearbeitet 29.04.2026 01:13:23
Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard file...
CVE-2013-0213
- EPSS 3.25%
- Veröffentlicht 02.02.2013 20:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
CVE-2013-0214
- EPSS 1.91%
- Veröffentlicht 02.02.2013 20:55:03
- Zuletzt bearbeitet 29.04.2026 01:13:23
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging kn...
CVE-2013-0172
- EPSS 2.43%
- Veröffentlicht 17.01.2013 21:55:00
- Zuletzt bearbeitet 29.04.2026 01:13:23
Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on mo...
CVE-2012-2111
- EPSS 4.8%
- Veröffentlicht 30.04.2012 14:55:03
- Zuletzt bearbeitet 16.06.2026 23:41:00
The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges da...
- EPSS 74.03%
- Veröffentlicht 10.04.2012 21:55:02
- Zuletzt bearbeitet 16.06.2026 23:39:12
The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execut...
CVE-2012-0870
- EPSS 6.5%
- Veröffentlicht 23.02.2012 12:33:55
- Zuletzt bearbeitet 16.06.2026 23:38:25
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly ...
- EPSS 3.53%
- Veröffentlicht 30.01.2012 17:55:01
- Zuletzt bearbeitet 16.06.2026 23:38:19
Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests.