| CVE-2019-14847 |
AVG-1057 |
Low |
Yes |
Denial of service |
A denial of service has been found in Samba before 4.10.10, where users with the "get changes" extended access right can crash the AD DC LDAP server by... |
| CVE-2019-14833 |
AVG-1057 |
Medium |
Yes |
Insufficient validation |
A security issue has been found in Samba before 4.10.10, where the check password script does not receive the full password string when the password... |
| CVE-2019-10218 |
AVG-1057 |
Medium |
Yes |
Arbitrary filesystem access |
An issue has been found in Samba before 4.10.10 where a malicious server can craft a pathname containing separators and return this to client code, causing... |
| CVE-2018-16857 |
AVG-823 |
Low |
Yes |
Access restriction bypass |
A security issue has been found in samba from 4.9.0 up to and including 4.9.2, where AD DC Configurations watching for bad passwords to restrict brute... |
| CVE-2018-16853 |
AVG-823 |
Medium |
Yes |
Denial of service |
A denial of service has been found in samba from 4.7.0 up to and including 4.9.2, where a user in a Samba AD domain can crash the MIT KDC by requesting an... |
| CVE-2018-16852 |
AVG-823 |
Medium |
Yes |
Denial of service |
A NULL pointer de-reference issue has been found in samba from 4.9.0 up to and including 4.9.2, where a user able to create or modify dnsZone objects can... |
| CVE-2018-16851 |
AVG-823 |
Medium |
Yes |
Denial of service |
A NULL pointer de-reference issue has been found in samba from 4.0.0 up to and including 4.9.2, where a user able to read more than 256MB of LDAP entries... |
| CVE-2018-16841 |
AVG-823 |
High |
Yes |
Denial of service |
A double-free issue has been found in samba from 4.3.0 up to and including 4.9.2, where a user with a valid certificate or smart card can crash the Samba AD... |
| CVE-2018-14629 |
AVG-823 |
Medium |
Yes |
Denial of service |
A denial of service security issue has been found in samba from 4.0.0 up to and including 4.9.2, where an unprivileged user can use the ldbadd tool to add... |
| CVE-2018-1057 |
AVG-651 |
Critical |
Yes |
Access restriction bypass |
On a Samba 4 AD DC any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts. |
| CVE-2018-1050 |
AVG-651 |
Medium |
Yes |
Denial of service |
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external... |
| CVE-2017-15275 |
AVG-535 |
Medium |
Yes |
Information disclosure |
A memory disclosure flaw was found in samba. An attacker could retrieve parts of server memory, which could contain potentially sensitive data, by sending... |
| CVE-2017-14746 |
AVG-535 |
High |
Yes |
Arbitrary code execution |
A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1... |
| CVE-2017-7494 |
AVG-279 |
High |
Yes |
Arbitrary code execution |
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to... |
| CVE-2016-2126 |
AVG-111 |
Medium |
Yes |
Privilege escalation |
A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket due to incorrect handling of the PAC checksum.... |
| CVE-2016-2125 |
AVG-111 |
Medium |
Yes |
Authentication bypass |
Samba client code always requests a forwardable ticket when using Kerberos authentication. This means the target server, which must be in the current or... |
| CVE-2016-2123 |
AVG-111 |
Critical |
Yes |
Arbitrary code execution |
The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data... |