Software Detail
Samba
Number of NVD: 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL: https://www.samba.org/
Explanation: Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License. The Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component for seamlessly integrating Linux/Unix servers and desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
111 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
112 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
113 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
114 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
115 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
116 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
117 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
118 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
119 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
120 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
121 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
122 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
123 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
124 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
125 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
126 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
127 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
128 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
129 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
130 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
131 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
132 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
133 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
134 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
135 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
136 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
137 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
138 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
139 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
140 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
141 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
142 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, or higher, or less, more than, less than, Update date, Published date
111 CVE-2016-0771
CVSS3: 5.9 / CVSS2: 4.9 / Level: MEDIUM / Attack Vector: Network
Title: The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial…
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
cpe23Uri: cpe:2.3:a:samba:samba:4.4.0:rc3, cpe:2.3:a:samba:samba:4.4.0:rc2, cpe:2.3:a:samba:samba:4.4.0:rc1, cpe:2.3:a:samb…
Update date: 2024-11-21 11:42
Published date: 2016-03-14
112 CVE-2015-7560
CVSS3: 6.5 / CVSS2: 4.0 / Level: MEDIUM / Attack Vector: Network
Title: The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by usi…
CWE: CWE-284 Improper Access Control
cpe23Uri: cpe:2.3:a:samba:samba:4.4.0:rc3, cpe:2.3:a:samba:samba:4.4.0:rc2, cpe:2.3:a:samba:samba:4.4.0:rc1, cpe:2.3:a:samb…
or higher: 3.2.0, 4.2.0, 4.3.0
less than: 4.1.23, 4.2.9, 4.3.6
Update date: 2024-11-21 11:36
Published date: 2016-03-14
113 CVE-2015-7540
CVSS3: 7.5 / CVSS2: 5.0 / Level: HIGH / Attack Vector: Network
Title: The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of se…
CWE: CWE-399 Resource Management Errors
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.0.0
less than: 4.1.22
Update date: 2024-11-21 11:36
Published date: 2015-12-30
114 CVE-2015-5330
CVSS3: 7.5 / CVSS2: 5.0 / Level: HIGH / Attack Vector: Network
Title: ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive i…
CWE: CWE-200 Information Exposure
cpe23Uri: cpe:2.3:a:samba:samba:4.3.2:*, cpe:2.3:a:samba:samba:4.3.1:*, cpe:2.3:a:samba:samba:4.3.0:*, cpe:2.3:a:samba:samb…
Update date: 2024-11-21 11:32
Published date: 2015-12-30
115 CVE-2015-5299
CVSS3: 5.3 / CVSS2: 5.0 / Level: MEDIUM / Attack Vector: Network
Title: The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST acc…
CWE: CWE-200 Information Exposure
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.3.0, 4.2.0, 3.0.20
less than: 4.3.3, 4.2.7, 4.1.22
Update date: 2024-11-21 11:32
Published date: 2015-12-30
116 CVE-2015-5296
CVSS3: 5.4 / CVSS2: 4.3 / Level: MEDIUM / Attack Vector: Network
Title: Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unen…
CWE: CWE-20 Improper Input Validation
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.3.0, 4.2.0, 3.2.0
less than: 4.3.3, 4.2.7, 4.1.22
Update date: 2024-11-21 11:32
Published date: 2015-12-30
117 CVE-2015-8467
CVSS3: 7.5 / CVSS2: 6.0 / Level: HIGH / Attack Vector: Network
Title: The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative…
CWE: CWE-269 Improper Privilege Management
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.3.0, 4.0.0, 4.2.0
less than: 4.3.3, 4.1.22, 4.2.7
Update date: 2024-11-21 11:38
Published date: 2015-12-30
118 CVE-2015-5252
CVSS3: 7.2 / CVSS2: 5.0 / Level: HIGH / Attack Vector: Network
Title: vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended f…
CWE: CWE-264 Permissions, Privileges, and Access Controls
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.3.0, 4.2.0, 3.0.0
less than: 4.3.3, 4.2.7, 4.1.22
Update date: 2024-11-21 11:32
Published date: 2015-12-30
119 CVE-2015-3223
CVSS3: 5.3 / CVSS2: 5.0 / Level: MEDIUM / Attack Vector: Network
Title: The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero va…
CWE: CWE-189 Numeric Errors; CWE-399 Resource Management Errors
cpe23Uri: cpe:2.3:a:samba:samba:4.3.2:*, cpe:2.3:a:samba:samba:4.3.1:*, cpe:2.3:a:samba:samba:4.3.0:*, cpe:2.3:a:samba:samb…
Update date: 2024-11-21 11:28
Published date: 2015-12-30
120 CVE-2015-0240
CVSS3: - / CVSS2: 10.0 / Level: HIGH
Title: The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x before 3.6.25, 4.0.x before 4.0.25, 4.1.x before 4.1.17, and 4.2.x before 4.2.0rc5 performs a free operation on an uninitialized st…
CWE: CWE-17 Code
cpe23Uri: cpe:2.3:a:samba:samba:4.2.0:rc4, cpe:2.3:a:samba:samba:4.2.0:rc3, cpe:2.3:a:samba:samba:4.2.0:rc2, cpe:2.3:a:samb…
Update date: 2024-11-21 11:22
Published date: 2015-02-24