Shodan
Vulnerabilities
Vulnerable Software
Samba:  >> Samba  Security Vulnerabilities
CVE-2022-44640
Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
CVSS Score
9.8
EPSS Score
0.02
Published
2022-12-25
CVE-2022-38023
Netlogon RPC Elevation of Privilege Vulnerability
CVSS Score
8.1
EPSS Score
0.003
Published
2022-11-09
CVE-2022-37967
Windows Kerberos Elevation of Privilege Vulnerability
CVSS Score
7.2
EPSS Score
0.019
Published
2022-11-09
CVE-2022-37966
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability
CVSS Score
8.1
EPSS Score
0.007
Published
2022-11-09
CVE-2022-32743
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.
CVSS Score
7.5
EPSS Score
0.008
Published
2022-09-01
CVE-2022-1615
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-09-01
CVE-2022-0336
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-08-29
CVE-2022-32742
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).
CVSS Score
4.3
EPSS Score
0.002
Published
2022-08-25
CVE-2022-32744
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-08-25
CVE-2022-32745
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.
CVSS Score
8.1
EPSS Score
0.003
Published
2022-08-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved