Known Vulnerabilities for products from Samba
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Samba".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33995 json | Not Provided | 2026-03-30 | 2026-03-30 | |
| CVE-2024-12088 json | A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2024-12087 json | A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-ena... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2024-12086 json | A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. ... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2024-12085 json | A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipu... | Not Provided | 2025-01-14 | 2026-04-14 |
| CVE-2023-42670 json | A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, c... | 6.5 - MEDIUM | 2023-11-03 | 2023-11-13 |
| CVE-2023-42669 json | A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stac... | 6.5 - MEDIUM | 2023-11-06 | 2023-11-14 |
| CVE-2023-34968 json | A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolu... | 5.3 - MEDIUM | 2023-07-20 | 2024-01-30 |
| CVE-2023-34967 json | A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packe... | 5.3 - MEDIUM | 2023-07-20 | 2024-01-30 |
| CVE-2023-34966 json | An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packe... | 7.5 - HIGH | 2023-07-20 | 2024-01-30 |
| CVE-2023-5568 json | A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vu... | 6.5 - MEDIUM | 2023-10-25 | 2023-11-07 |
| CVE-2023-4154 json | A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to... | 6.5 - MEDIUM | 2023-11-07 | 2023-11-15 |
| CVE-2023-4091 json | A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions... | 6.5 - MEDIUM | 2023-11-03 | 2023-11-13 |
| CVE-2023-3961 json | A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets wi... | 9.8 - CRITICAL | 2023-11-03 | 2024-01-02 |
| CVE-2023-3347 json | A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin confi... | 5.9 - MEDIUM | 2023-07-20 | 2023-08-15 |
| CVE-2023-0922 json | The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords... | 5.9 - MEDIUM | 2023-04-03 | 2023-11-07 |
| CVE-2023-0614 json | The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficie... | 6.5 - MEDIUM | 2023-04-03 | 2023-11-07 |
| CVE-2023-0225 json | A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to... | 4.3 - MEDIUM | 2023-04-03 | 2023-09-17 |
| CVE-2022-45141 json | Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC... | 9.8 - CRITICAL | 2023-03-06 | 2023-09-17 |
| CVE-2022-44640 json | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by ... | 9.8 - CRITICAL | 2022-12-25 | 2023-10-08 |
Known software with vulnerabilities from Samba
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Samba | Cifs-utils | 5.6 |
| Application | Samba | Jitterbug | - |
| Application | Samba | Ppp | - |
| Application | Samba | Rsync | 1.6.4 |
| Application | Samba | Samba | - |
| Application | Samba | Samba Server | - |
| Application | Samba | Volume Service | - |