Software Detail
Samba
Number Of NVD 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL https://www.samba.org/
Explanation Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function both as a domain controller and as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List of Products
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
101 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
102 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
103 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
104 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
105 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
106 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
107 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
108 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
109 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
110 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
111 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
112 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
113 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
114 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
115 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
116 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
117 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
118 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
119 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
120 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
121 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
122 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
123 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
124 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
125 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
126 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
127 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
128 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
129 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
130 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
131 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
132 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date
No 101
CVSS3 6.5
CVSS2 4.0
Level MEDIUM
Attack Vector Network
Title Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the w…
CWE CWE-264 Permissions, Privileges, and Access Controls
CVE CVE-2016-2126
cpe23Uri cpe:2.3:a:samba:samba:*:*
4.4.0
4.5.0
4.0.0




4.4.8
4.5.3
4.3.13
Update date 2024-11-21 11:47
Published date 2017-05-11
No 102
CVSS3 7.5
CVSS2 6.8
Level HIGH
Attack Vector Network
Title libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently …
CWE CWE-94 Code Injection
CVE CVE-2016-2119
cpe23Uri cpe:2.3:a:samba:samba:*:*
4.0.0
4.3.0
4.4.0




4.2.14
4.3.11
4.4.5
Update date 2024-11-21 11:47
Published date 2016-07-08
No 103
CVSS3 5.9
CVSS2 4.3
Level MEDIUM
Attack Vector Network
Title Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB c…
CWE CWE-254 7PK - Security Features
CVE CVE-2016-2115
cpe23Uri cpe:2.3:a:samba:samba:4.4.0:*
cpe:2.3:a:samba:samba:4.3.6:*
cpe:2.3:a:samba:samba:4.3.5:*
cpe:2.3:a:samba:samb…
Update date 2024-11-21 11:47
Published date 2016-04-25
No 104
CVSS3 5.9
CVSS2 4.3
Level MEDIUM
Attack Vector Network
Title The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle att…
CWE CWE-254 7PK - Security Features
CVE CVE-2016-2114
cpe23Uri cpe:2.3:a:samba:samba:4.4.0:*
cpe:2.3:a:samba:samba:4.3.6:*
cpe:2.3:a:samba:samba:4.3.5:*
cpe:2.3:a:samba:samb…
Update date 2024-11-21 11:47
Published date 2016-04-25
No 105
CVSS3 7.4
CVSS2 5.8
Level HIGH
Attack Vector Network
Title Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and …
CWE CWE-310 Cryptographic Issues
CVE CVE-2016-2113
cpe23Uri cpe:2.3:a:samba:samba:4.4.0:*
cpe:2.3:a:samba:samba:4.3.6:*
cpe:2.3:a:samba:samba:4.3.5:*
cpe:2.3:a:samba:samb…
Update date 2024-11-21 11:47
Published date 2016-04-25
No 106
CVSS3 5.9
CVSS2 4.3
Level MEDIUM
Attack Vector Network
Title The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-midd…
CWE CWE-254 7PK - Security Features
CVE CVE-2016-2112
cpe23Uri cpe:2.3:a:samba:samba:4.4.0:*
cpe:2.3:a:samba:samba:4.3.6:*
cpe:2.3:a:samba:samba:4.3.5:*
cpe:2.3:a:samba:samb…
Update date 2024-11-21 11:47
Published date 2016-04-25
No 107
CVSS3 6.3
CVSS2 4.3
Level MEDIUM
Attack Vector Local
Title The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a se…
CWE CWE-254 7PK - Security Features
CVE CVE-2016-2111
cpe23Uri cpe:2.3:a:samba:samba:4.4.0:*
cpe:2.3:a:samba:samba:4.3.6:*
cpe:2.3:a:samba:samba:4.3.5:*
cpe:2.3:a:samba:samb…
Update date 2024-11-21 11:47
Published date 2016-04-25
No 108
CVSS3 5.9
CVSS2 4.3
Level MEDIUM
Attack Vector Network
Title The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by mo…
CWE CWE-254 7PK - Security Features
CVE CVE-2016-2110
cpe23Uri cpe:2.3:a:samba:samba:4.4.0:*
cpe:2.3:a:samba:samba:4.3.6:*
cpe:2.3:a:samba:samba:4.3.5:*
cpe:2.3:a:samba:samb…
Update date 2024-11-21 11:47
Published date 2016-04-25
No 109
CVSS3 5.9
CVSS2 4.3
Level MEDIUM
Attack Vector Network
Title Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a…
CWE NVD-CWE-noinfo
CVE CVE-2015-5370
cpe23Uri cpe:2.3:a:samba:samba:4.4.0:*
cpe:2.3:a:samba:samba:4.3.6:*
cpe:2.3:a:samba:samba:4.3.5:*
cpe:2.3:a:samba:samb…
Update date 2024-11-21 11:32
Published date 2016-04-25
No 110
CVSS3 7.5
CVSS2 6.8
Level HIGH
Attack Vector Network
Title The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers …
CWE CWE-254 7PK - Security Features
CVE CVE-2016-2118
cpe23Uri cpe:2.3:a:samba:samba:*:*
3.6.0
4.3.0
4.4.0




4.2.10
4.3.7
4.4.1
Update date 2024-11-21 11:47
Published date 2016-04-13