| Samba | |
|---|---|
| Number of NVD | 208 (CRITICAL: 6, HIGH: 78, MEDIUM: 106, LOW: 18) |
| URL | https://www.samba.org/ |
| Explanation | Samba is the standard Windows interoperability suite of programs for Linux and Unix. Samba is Free Software licensed under the GNU General Public License, the Samba project is a member of the Software Freedom Conservancy. Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others. Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function both as a domain controller or as a regular domain member. Excerpted and translated from https://www.samba.org/ |

| No | Type | Name | URL |
|---|---|---|---|
| 1 | | | https://www.samba.org/samba/history/ |
| 2 | | | https://wiki.samba.org/index.php/Samba_Release_Planning |

| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support / Service Pack Support | Extended for a fee | Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 21 | Samba 4.19 | 4.19.9 | Oct. 17, 2024 | Sept. 4, 2023 | | | | 1 | 0 | 5 | 0 |
| 22 | Samba 4.18 | 4.18.11 | March 13, 2024 | March 8, 2023 | | | | 1 | 1 | 12 | 0 |
| 23 | Samba 4.17 | 4.17.12 | Oct. 10, 2023 | Sept. 13, 2022 | | | | 2 | 5 | 15 | 0 |
| 24 | Samba 4.16 | 4.16.11 | July 19, 2023 | March 21, 2022 | | | | 3 | 8 | 14 | 0 |
| 25 | Samba 4.15 | 4.15.13 | Dec. 15, 2022 | Sept. 20, 2021 | | | | 3 | 14 | 16 | 0 |
| 26 | Samba 4.14 | 4.14.14 | July 27, 2022 | March 9, 2021 | | | | 2 | 16 | 19 | 0 |
| 27 | Samba 4.13 | 4.13.17 | Jan. 31, 2022 | Sept. 22, 2020 | | | | 2 | 16 | 22 | 1 |
| 28 | Samba 4.12 | 4.12.15 | April 29, 2021 | March 3, 2020 | | | | 2 | 17 | 26 | 1 |
| 29 | Samba 4.11 | 4.11.17 | Dec. 3, 2020 | Sept. 17, 2019 | | | | 3 | 17 | 33 | 1 |
| 30 | Samba 4.10 | 4.10.18 | Sept. 18, 2019 | March 19, 2019 | | | | 3 | 18 | 38 | 1 |
| 31 | Samba 4.9 | 4.9.18 | Jan. 21, 2020 | Sept. 13, 2018 | Jan. 1, 2000 | | | 3 | 16 | 43 | 1 |
| 32 | Samba 4.8 | 4.8.12 | May 14, 2019 | March 13, 2018 | Jan. 1, 2000 | | | 2 | 18 | 40 | 1 |
| 33 | Samba 4.7 | 4.7.12 | Nov. 27, 2018 | Sept. 20, 2017 | Jan. 1, 2000 | | | 3 | 19 | 40 | 1 |
| 34 | Samba 4.5 | 4.5.16 | March 13, 2018 | Sept. 7, 2016 | Jan. 1, 2000 | | | 4 | 24 | 41 | 1 |
| 35 | Samba 4.3 | 4.3.13 | Dec. 19, 2016 | Sept. 8, 2015 | Jan. 1, 2000 | | | 4 | 30 | 49 | 1 |
| 36 | Samba 4.2 | 4.22.1 | April 17, 2025 | March 4, 2015 | Jan. 1, 2000 | | | 4 | 31 | 47 | 1 |
| 37 | Samba 4.1 | 4.19.9 | Oct. 17, 2024 | Jan. 11, 2013 | Jan. 1, 2000 | | | 5 | 34 | 52 | 6 |
| 38 | Samba 4.0 | 4.0.26 | May 6, 2015 | Dec. 11, 2012 | Jan. 1, 2000 | | | 4 | 34 | 53 | 7 |
| 39 | Samba 3.6 | 3.6.25 | Feb. 23, 2015 | Aug. 9, 2011 | Jan. 1, 2000 | | | 3 | 16 | 37 | 5 |
| 40 | Samba 3.5 | 3.5.22 | Aug. 5, 2013 | March 1, 2010 | Jan. 1, 2000 | | | 3 | 16 | 34 | 6 |
| 41 | Samba 3.4 | 3.4.17 | April 30, 2012 | July 3, 2009 | Jan. 1, 2000 | | | 2 | 15 | 37 | 8 |
| 42 | Samba 3.3 | 3.3.16 | July 26, 2011 | Jan. 27, 2009 | Jan. 1, 2000 | | | 2 | 16 | 35 | 8 |
| 43 | Samba 3.2 | 3.2.15 | Oct. 1, 2009 | July 1, 2008 | Jan. 1, 2000 | | | 2 | 17 | 37 | 7 |
| 44 | Samba 3.0 | 3.0.37 | Oct. 1, 2009 | Sept. 24, 2003 | Jan. 1, 2000 | | | 2 | 30 | 42 | 7 |
| 45 | Samba 4.6 | 4.6.9 | Aug. 14, 2018 | Jan. 1, 2000 | | | | 4 | 23 | 38 | 1 |
| 46 | Samba 4.4 | 4.4.9 | Sept. 20, 2017 | Jan. 1, 2000 | | | | 4 | 27 | 46 | 1 |
| 47 | Samba 3.1 | 3.1.0 | Jan. 1, 2000 | | | | | 2 | 15 | 24 | 5 |
| 48 | Samba 2.2a | 2.2a | Jan. 1, 2000 | | | | | 2 | 12 | 18 | 4 |
| 49 | Samba 2.2 | 2.2.12 | Sept. 29, 2004 | Jan. 1, 2000 | | | | 2 | 20 | 20 | 5 |
| 50 | Samba 2.18 | 2.18.3 | Jan. 1, 2000 | | | | | 2 | 12 | 17 | 4 |
| 51 | Samba 2.0 | 2.0.9 | Jan. 1, 2000 | | | | | 2 | 23 | 22 | 7 |
| 52 | Samba 1.9 | 1.9.18 | Jan. 7, 1998 | Jan. 1, 2000 | | | | 2 | 13 | 20 | 5 |

| No | CVSS3 / CVSS2 | Level / Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date / Published date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 21 | 9.8 / - | CRITICAL / Network | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). | NVD-CWE-Other | CVE-2022-44640 | cpe:2.3:a:samba:samba:*:* | 4.16.0, 4.17.0, 4.15.0 | | | 4.16.8, 4.17.4, 4.15.3 | 2024-11-21 16:28 / 2022-12-25 |
| 22 | 8.1 / - | HIGH / Network | Netlogon RPC Elevation of Privilege Vulnerability | NVD-CWE-noinfo | CVE-2022-38023 | cpe:2.3:a:samba:samba:*:* | 4.16.0, 4.17.0 | | 4.15.13 | 4.16.8, 4.17.4 | 2024-11-21 16:15 / 2022-11-10 |
| 23 | 7.2 / - | HIGH / Network | Windows Kerberos Elevation of Privilege Vulnerability | NVD-CWE-noinfo | CVE-2022-37967 | cpe:2.3:a:samba:samba:*:* | 4.16.0, 4.17.0 | | 4.15.13 | 4.16.8, 4.17.4 | 2024-11-21 16:15 / 2022-11-10 |
| 24 | 8.1 / - | HIGH / Network | Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability | NVD-CWE-noinfo | CVE-2022-37966 | cpe:2.3:a:samba:samba:*:* | 4.16.0, 4.17.0 | | 4.15.13 | 4.16.8, 4.17.4 | 2024-11-21 16:15 / 2022-11-10 |
| 25 | 7.5 / - | HIGH / Network | Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | CWE-276 Incorrect Default Permissions | CVE-2022-32743 | cpe:2.3:a:samba:samba:*:* | 4.1.0 | | | | 2024-11-21 16:06 / 2022-09-2 |
| 26 | 5.5 / - | MEDIUM / Local | In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. | CWE-330 Use of Insufficiently Random Values | CVE-2022-1615 | cpe:2.3:a:samba:samba:*:* | 4.1.0 | | | | 2024-11-21 15:41 / 2022-09-2 |
| 27 | 8.8 / - | HIGH / Network | The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypa… | CWE-276 Incorrect Default Permissions | CVE-2022-0336 | cpe:2.3:a:samba:samba:*:* | 4.14.0, 4.15.0, 4.0.0 | | | 4.14.12, 4.15.4, 4.13.17 | 2024-11-21 15:38 / 2022-08-30 |
| 28 | 5.4 / - | MEDIUM / Network | A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This is… | CWE-416 Use After Free | CVE-2022-32746 | cpe:2.3:a:samba:samba:*:* | 4.16.0, 4.15.0, 4.3.0 | | | 4.16.4, 4.15.9, 4.14.14 | 2024-11-21 16:06 / 2022-08-26 |
| 29 | 8.1 / - | HIGH / Network | A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault. | CWE-125 Out-of-bounds Read; CWE-908 Use of Uninitialized Resource | CVE-2022-32745 | cpe:2.3:a:samba:samba:*:* | 4.16.0, 4.13.14, 4.15.2 | | | 4.16.4, 4.14.14, 4.15.9 | 2024-11-21 16:06 / 2022-08-26 |
| 30 | 8.8 / - | HIGH / Network | A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabl… | CWE-290 Authentication Bypass by Spoofing | CVE-2022-32744 | cpe:2.3:a:samba:samba:*:* | 4.16.0, 4.15.0, 4.3.0 | | | 4.16.4, 4.15.9, 4.14.14 | 2024-11-21 16:06 / 2022-08-26 |