Software Detail
Samba
Number Of NVD: 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL https://www.samba.org/
Explanation Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function both as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support, Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
121 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
122 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
123 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
124 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
125 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
126 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
127 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
128 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
129 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
130 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
131 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
132 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
133 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
134 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
135 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
136 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
137 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
138 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
139 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
140 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
141 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
142 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
143 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
144 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
145 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
146 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
147 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
148 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
149 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
150 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
151 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
152 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date
No: 121
CVSS3: -
CVSS2: 8.5
Level: HIGH
Title: Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccount…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2014-8143
cpe23Uri: cpe:2.3:a:samba:samba:4.2.0:rc3, cpe:2.3:a:samba:samba:4.2.0:rc2, cpe:2.3:a:samba:samba:4.2.0:rc1, cpe:2.3:a:samb…
Update date: 2024-11-21 11:18
Published date: 2015-01-17

No: 122
CVSS3: -
CVSS2: 7.9
Level: HIGH
Title: NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and 4.1.x before 4.1.11 allows remote attackers to execute arbitrary code via unspecified vectors that modify heap memory, involving a…
CWE: CWE-94 Code Injection
CVE: CVE-2014-3560
cpe23Uri: cpe:2.3:a:samba:samba:4.1.9:*, cpe:2.3:a:samba:samba:4.1.8:*, cpe:2.3:a:samba:samba:4.1.7:*, cpe:2.3:a:samba:samb…
Update date: 2024-11-21 11:08
Published date: 2014-08-7

No: 123
CVSS3: -
CVSS2: 2.7
Level: LOW
Title: The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote authenticated users to cause a denial of service (memory corruption and daemon …
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2014-3493
cpe23Uri: cpe:2.3:a:samba:samba:4.1.8:*, cpe:2.3:a:samba:samba:4.1.7:*, cpe:2.3:a:samba:samba:4.1.6:*, cpe:2.3:a:samba:samb…
Update date: 2024-11-21 11:08
Published date: 2014-06-23

No: 124
CVSS3: -
CVSS2: 3.3
Level: LOW
Title: The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) vi…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2014-0244
cpe23Uri: cpe:2.3:a:samba:samba:4.1.8:*, cpe:2.3:a:samba:samba:4.1.7:*, cpe:2.3:a:samba:samba:4.1.6:*, cpe:2.3:a:samba:samb…
Update date: 2024-11-21 11:01
Published date: 2014-06-23

No: 125
CVSS3: -
CVSS2: 5.0
Level: MEDIUM
Title: The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a den…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2014-0239
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.1.0, 4.0.0
less than: 4.1.8, 4.0.18
Update date: 2024-11-21 11:01
Published date: 2014-05-28

No: 126
CVSS3: -
CVSS2: 3.5
Level: LOW
Title: Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, w…
CWE: CWE-665 Improper Initialization
CVE: CVE-2014-0178
cpe23Uri: cpe:2.3:a:samba:samba:4.1.7:*, cpe:2.3:a:samba:samba:4.1.6:*, cpe:2.3:a:samba:samba:4.1.5:*, cpe:2.3:a:samba:samb…
or higher: 4.1.0, 4.0.0, 3.6.6
less than: 4.1.8, 4.0.18, 3.6.25
Update date: 2024-11-21 11:01
Published date: 2014-05-28

No: 127
CVSS3: -
CVSS2: 5.8
Level: MEDIUM
Title: The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass …
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2013-6442
cpe23Uri: cpe:2.3:a:samba:samba:4.1.5:*, cpe:2.3:a:samba:samba:4.1.4:*, cpe:2.3:a:samba:samba:4.1.3:*, cpe:2.3:a:samba:samb…
Update date: 2024-11-21 10:59
Published date: 2014-03-14

No: 128
CVSS3: -
CVSS2: 5.0
Level: MEDIUM
Title: Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obta…
CWE: CWE-255 Credentials Management
CVE: CVE-2013-4496
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.1.0, 4.0.0, 3.4.0
less than: 4.1.6, 4.0.16, 3.6.23
Update date: 2024-11-21 10:55
Published date: 2014-03-14

No: 129
CVSS3: -
CVSS2: 8.3
Level: HIGH
Title: Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote …
CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
CVE: CVE-2013-4408
cpe23Uri: cpe:2.3:a:samba:samba:4.1.2:*, cpe:2.3:a:samba:samba:4.1.1:*, cpe:2.3:a:samba:samba:4.1.0:*, cpe:2.3:a:samba:samb…
Update date: 2024-11-21 10:55
Published date: 2013-12-10

No: 130
CVSS3: -
CVSS2: 3.6
Level: LOW
Title: The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which all…
CWE: CWE-20 Improper Input Validation
CVE: CVE-2012-6150
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.1.0, 4.0.0, 3.4.3, 3.3.10
less than: 4.1.3, 4.0.13, 3.6.22, 3.4.0
Update date: 2024-11-21 10:45
Published date: 2013-12-4