Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Samba Number Of NVD 208 CRITICAL 6 HIGH 78 MEDIUM 106 LOW 18
URL https://www.samba.org/
Explanation Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License, the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function both as a domain controller or as a regular domain member.

Excerpted and translated from [https://www.samba.org/
Tag
  • GPL v3
  • オープンソース
Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
171 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
172 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
173 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
174 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
175 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
176 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
177 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
178 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
179 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
180 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
181 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
182 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
183 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
184 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
185 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
186 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
187 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
188 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
189 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
190 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
191 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
192 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
193 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
194 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
195 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
196 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
197 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
198 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
199 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
200 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
201 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
202 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
171 -
6.0 		MEDIUM The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when th… NVD-CWE-Other
CVE-2007-2447 cpe:2.3:a:samba:samba:3.0.9:*
cpe:2.3:a:samba:samba:3.0.8:*
cpe:2.3:a:samba:samba:3.0.7:*
cpe:2.3:a:samba:samb… 		2026-04-23 09:35
2007-05-15 		Show GitHub Exploit DB Packet Storm
172 -
6.8 		MEDIUM smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed f… NVD-CWE-Other
CVE-2007-0452 cpe:2.3:a:samba:samba:3.0.9:*
cpe:2.3:a:samba:samba:3.0.8:*
cpe:2.3:a:samba:samba:3.0.7:*
cpe:2.3:a:samba:samb… 		2026-04-23 09:35
2007-02-6 		Show GitHub Exploit DB Packet Storm
173 -
4.6 		MEDIUM Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2… NVD-CWE-Other
CVE-2007-0453 cpe:2.3:a:samba:samba:3.0.23d:*
cpe:2.3:a:samba:samba:3.0.23c:*
cpe:2.3:a:samba:samba:3.0.23b:*
cpe:2.3:a:samb… 		2026-04-23 09:35
2007-02-6 		Show GitHub Exploit DB Packet Storm
174 -
7.5 		HIGH Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AF… CWE-134
Use of Externally-Controlled Format String 		CVE-2007-0454 cpe:2.3:a:samba:samba:3.0.9:*
cpe:2.3:a:samba:samba:3.0.8:*
cpe:2.3:a:samba:samba:3.0.7:*
cpe:2.3:a:samba:samb… 		2026-04-23 09:35
2007-02-6 		Show GitHub Exploit DB Packet Storm
175 -
5.0 		MEDIUM The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. NVD-CWE-Other
CVE-2006-3403 cpe:2.3:a:samba:samba:3.0.9:*
cpe:2.3:a:samba:samba:3.0.8:*
cpe:2.3:a:samba:samba:3.0.7:*
cpe:2.3:a:samba:samb… 		2018-10-19 01:47
2006-07-13 		Show GitHub Exploit DB Packet Storm
176 -
1.2 		LOW The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain. NVD-CWE-Other
CVE-2006-1059 cpe:2.3:a:samba:samba:3.0.21c:*
cpe:2.3:a:samba:samba:3.0.21b:*
cpe:2.3:a:samba:samba:3.0.21a:*
cpe:2.3:a:samb… 		2018-10-19 01:30
2006-03-31 		Show GitHub Exploit DB Packet Storm
177 -
10.0 		HIGH Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data… NVD-CWE-Other
CVE-2004-0882 cpe:2.3:a:samba:samba:3.0.7:*
cpe:2.3:a:samba:samba:3.0.6:*
cpe:2.3:a:samba:samba:3.0.5:*
cpe:2.3:a:samba:samb… 		2018-10-31 01:25
2005-01-27 		Show GitHub Exploit DB Packet Storm
178 -
5.0 		MEDIUM The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multipl… NVD-CWE-Other
CVE-2004-0930 cpe:2.3:a:samba:samba:3.0.7:*
cpe:2.3:a:samba:samba:3.0.6:*
cpe:2.3:a:samba:samba:3.0.5:*
cpe:2.3:a:samba:samb… 		2017-10-11 10:29
2005-01-27 		Show GitHub Exploit DB Packet Storm
179 -
10.0 		HIGH Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code… NVD-CWE-Other
CVE-2004-1154 cpe:2.3:a:samba:samba:3.0.9:*
cpe:2.3:a:samba:samba:3.0.8:*
cpe:2.3:a:samba:samba:3.0.7:*
cpe:2.3:a:samba:samb… 		2018-10-31 01:25
2005-01-10 		Show GitHub Exploit DB Packet Storm
180 -
5.0 		MEDIUM The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request wit… NVD-CWE-Other
CVE-2004-0808 cpe:2.3:a:samba:samba:3.0.6:*
cpe:2.3:a:samba:samba:3.0.5:*
cpe:2.3:a:samba:samba:3.0.4:rc1
cpe:2.3:a:samba:sa… 		2018-10-31 01:25
2004-12-31 		Show GitHub Exploit DB Packet Storm