CVE-2019-19344
- EPSS 3.07%
- Veröffentlicht 21.01.2020 18:15:12
- Zuletzt bearbeitet 14.01.2025 19:29:55
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the ori...
CVE-2011-3585
- EPSS 0.32%
- Veröffentlicht 31.12.2019 20:15:11
- Zuletzt bearbeitet 21.11.2024 01:30:48
Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists.
CVE-2019-14861
- EPSS 2.3%
- Veröffentlicht 10.12.2019 23:15:10
- Zuletzt bearbeitet 21.11.2024 04:27:31
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stor...
CVE-2019-14870
- EPSS 2.78%
- Veröffentlicht 10.12.2019 23:15:10
- Zuletzt bearbeitet 21.11.2024 04:27:33
All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in an...
CVE-2019-10218
- EPSS 3.52%
- Veröffentlicht 06.11.2019 10:15:10
- Zuletzt bearbeitet 21.11.2024 04:18:40
A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB...
CVE-2019-14833
- EPSS 2.08%
- Veröffentlicht 06.11.2019 10:15:10
- Zuletzt bearbeitet 21.11.2024 04:27:27
A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be config...
CVE-2019-14847
- EPSS 2.36%
- Veröffentlicht 06.11.2019 10:15:10
- Zuletzt bearbeitet 21.11.2024 04:27:29
A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.
CVE-2019-10197
- EPSS 3.18%
- Veröffentlicht 03.09.2019 15:15:11
- Zuletzt bearbeitet 21.11.2024 04:18:38
A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated attacker could use this flaw to escape the shared ...
CVE-2018-16860
- EPSS 2.49%
- Veröffentlicht 31.07.2019 15:15:11
- Zuletzt bearbeitet 21.11.2024 03:53:28
A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the middle attacker could use this flaw to intercept th...
CVE-2019-12435
- EPSS 2.18%
- Veröffentlicht 19.06.2019 12:15:10
- Zuletzt bearbeitet 21.11.2024 04:22:50
Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.