Filtered by vendor Samba
Subscriptions
Total
237 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0028 | 1 Samba | 1 Jitterbug | 2026-04-16 | N/A |
| jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands. | ||||
| CVE-2004-0082 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2026-04-16 | N/A |
| The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. | ||||
| CVE-2004-0600 | 3 Redhat, Samba, Trustix | 3 Enterprise Linux, Samba, Secure Linux | 2026-04-16 | N/A |
| Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication. | ||||
| CVE-2004-2687 | 2 Apple, Samba | 2 Xcode, Samba | 2026-04-16 | N/A |
| distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. | ||||
| CVE-2002-0080 | 2 Redhat, Samba | 2 Linux, Rsync | 2026-04-16 | N/A |
| rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. | ||||
| CVE-1999-0182 | 1 Samba | 1 Samba | 2026-04-16 | N/A |
| Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password. | ||||
| CVE-2006-1059 | 1 Samba | 1 Samba | 2026-04-16 | N/A |
| The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain. | ||||
| CVE-2004-0930 | 5 Conectiva, Gentoo, Redhat and 2 more | 8 Linux, Linux, Enterprise Linux and 5 more | 2026-04-16 | N/A |
| The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters. | ||||
| CVE-2004-0808 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2026-04-16 | N/A |
| The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided. | ||||
| CVE-2006-3403 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2026-04-16 | N/A |
| The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. | ||||
| CVE-2000-0936 | 1 Samba | 1 Samba | 2026-04-16 | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. | ||||
| CVE-2002-2196 | 1 Samba | 1 Samba | 2026-04-16 | N/A |
| Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack. | ||||
| CVE-2004-0815 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2026-04-16 | N/A |
| The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames. | ||||
| CVE-2004-2546 | 2 Samba, Trustix | 2 Samba, Secure Linux | 2026-04-16 | N/A |
| Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption). | ||||
| CVE-2003-0086 | 2 Redhat, Samba | 3 Enterprise Linux, Linux, Samba | 2026-04-16 | N/A |
| The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown. | ||||
| CVE-2004-0882 | 4 Conectiva, Redhat, Samba and 1 more | 7 Linux, Enterprise Linux, Enterprise Linux Desktop and 4 more | 2026-04-16 | N/A |
| Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. | ||||
| CVE-2004-0807 | 6 Conectiva, Mandrakesoft, Redhat and 3 more | 6 Linux, Mandrake Linux, Enterprise Linux and 3 more | 2026-04-16 | N/A |
| Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. | ||||
| CVE-2001-0406 | 2 Redhat, Samba | 2 Linux, Samba | 2026-04-16 | N/A |
| Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient. | ||||
| CVE-2003-0196 | 6 Compaq, Hp, Redhat and 3 more | 9 Tru64, Cifs-9000 Server, Hp-ux and 6 more | 2026-04-16 | N/A |
| Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201. | ||||
| CVE-2024-12086 | 8 Almalinux, Archlinux, Gentoo and 5 more | 10 Almalinux, Arch Linux, Linux and 7 more | 2026-04-14 | 6.1 Medium |
| A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client. | ||||