Search CVE reports
121 – 130 of 187 results
CVE-2015-3223
Medium prioritySome fixes available 13 of 14
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows...
3 affected packages
ldb, samba, samba4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| ldb | — | — | — | — | Fixed |
| samba | — | — | — | — | Fixed |
| samba4 | — | — | — | — | Not in release |
CVE-2015-0240
Medium prioritySome fixes available 8 of 10
The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized stack pointer, which...
2 affected packages
samba, samba4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| samba | — | — | — | — | Fixed |
| samba4 | — | — | — | — | Not in release |
CVE-2014-8143
Medium prioritySome fixes available 7 of 9
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT...
2 affected packages
samba, samba4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| samba | — | — | — | — | Fixed |
| samba4 | — | — | — | — | Not in release |
CVE-2014-3560
High prioritySome fixes available 7 of 9
NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a sizeof operation on an...
2 affected packages
samba, samba4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| samba | — | — | — | — | Fixed |
| samba4 | — | — | — | — | Not in release |
CVE-2014-3493
Medium prioritySome fixes available 10 of 13
The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) via an attempt to read a...
2 affected packages
samba, samba4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| samba | — | — | — | — | Fixed |
| samba4 | — | — | — | — | Not in release |
CVE-2014-0244
Medium prioritySome fixes available 9 of 12
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
2 affected packages
samba, samba4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| samba | — | — | — | — | Fixed |
| samba4 | — | — | — | — | Not in release |
CVE-2014-0239
Medium prioritySome fixes available 1 of 4
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and...
2 affected packages
samba, samba4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| samba | — | — | — | — | Not affected |
| samba4 | — | — | — | — | Not in release |
CVE-2014-0178
Medium prioritySome fixes available 2 of 5
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, which allows...
2 affected packages
samba, samba4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| samba | — | — | — | — | Not affected |
| samba4 | — | — | — | — | Not in release |
CVE-2013-6442
Medium prioritySome fixes available 7 of 11
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in...
2 affected packages
samba, samba4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| samba | — | — | — | — | Fixed |
| samba4 | — | — | — | — | Not in release |
CVE-2013-4496
Medium prioritySome fixes available 11 of 15
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via...
2 affected packages
samba, samba4
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| samba | — | — | — | — | Fixed |
| samba4 | — | — | — | — | Not in release |