Samba: >> Samba >> 4.15.13 Security Vulnerabilities
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
CVSS Score
6.5
EPSS Score
0.002
Published
2023-04-03
A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.
CVSS Score
5.9
EPSS Score
0.002
Published
2023-03-06
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
CVSS Score
4.3
EPSS Score
0.009
Published
2023-01-17
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-09-01
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-09-01
MaxQueryDuration not honoured in Samba AD DC LDAP
CVSS Score
6.5
EPSS Score
0.033
Published
2022-08-23
Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.
CVSS Score
9.0
EPSS Score
0.008
Published
2011-10-02
Page 2