Software Detail
Samba
Number Of NVD: 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL https://www.samba.org/
Explanation Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License, the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function both as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
51 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
52 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
53 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
54 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
55 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
56 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
57 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
58 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
59 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
60 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
61 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
62 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
63 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
64 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
65 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
66 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
67 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
68 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
69 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
70 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
71 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
72 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
73 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
74 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
75 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
76 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
77 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
78 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
79 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
80 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
81 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
82 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri or higher or less more than less than Update date Published date

No: 51
CVSS3: 6.5
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: A flaw was found in samba's DNS server. An authenticated user could use this flaw to cause the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted afte…
CWE: NVD-CWE-Other
CVE: CVE-2020-14383
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.12.0, 4.13.0, 4.0.0
less than: 4.12.9, 4.13.1, 4.11.15
Update date: 2024-11-21 14:03
Published date: 2020-12-2

No: 52
CVSS3: 6.6
CVSS2: 9.0
Level: MEDIUM
Attack Vector: Network
Title: A security feature bypass vulnerability exists in the way Key Distribution Center (KDC) determines if a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit…
CWE: CWE-863 Incorrect Authorization
CVE: CVE-2020-17049
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.15.0, 4.14.0, 4.1.0
less than: 4.15.1, 4.14.9, 4.13.13
Update date: 2024-11-21 14:07
Published date: 2020-11-11

No: 53
CVSS3: 5.5
CVSS2: 2.1
Level: MEDIUM
Attack Vector: Local
Title: A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing…
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2020-14323
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.12.0, 4.13.0, 3.6.0
less than: 4.12.9, 4.13.1, 4.11.15
Update date: 2024-11-21 14:03
Published date: 2020-10-30

No: 54
CVSS3: 5.5
CVSS2: 9.3
Level: MEDIUM
Attack Vector: Local
Title: An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An at…
CWE: NVD-CWE-noinfo
CVE: CVE-2020-1472
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.12.0, 4.11.0
less than: 4.12.7, 4.11.13, 4.10.18
Update date: 2025-03-7 23:57
Published date: 2020-08-18

No: 55
CVSS3: 7.5
CVSS2: 7.8
Level: HIGH
Attack Vector: Network
Title: A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way it processed NetBios over TCP/IP. This flaw allows a remote attacker to cause the Samba server…
CWE: CWE-400 Uncontrolled Resource Consumption
CVE: CVE-2020-10745
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.12.0, 4.11.0, 4.0.0
less than: 4.12.4, 4.11.11, 4.10.17
Update date: 2024-11-21 13:55
Published date: 2020-07-7

No: 56
CVSS3: 6.5
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped wit…
CWE: CWE-476 NULL Pointer Dereference; CWE-416 Use After Free
CVE: CVE-2020-10730
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.12.0, 4.11.0, 4.5.0
less than: 4.12.4, 4.11.11, 4.10.17
Update date: 2024-11-21 13:55
Published date: 2020-07-7

No: 57
CVSS3: 6.5
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, before 4.12.4 used in an AD DC configuration. A Samba LDAP user could use this flaw to crash samba.
CWE: CWE-416 Use After Free
CVE: CVE-2020-10760
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.12.0, 4.11.0, 4.5.0
less than: 4.12.4, 4.11.11, 4.10.17
Update date: 2024-11-21 13:56
Published date: 2020-07-7

No: 58
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: A flaw was found in the AD DC NBT server in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4. A samba user could send an empty UDP packet to cause the samba server to crash.
CWE: CWE-834 Excessive Iteration
CVE: CVE-2020-14303
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.12.0, 4.11.0, 4.10.0
less than: 4.12.4, 4.11.11, 4.10.17
Update date: 2024-11-21 14:02
Published date: 2020-07-7

No: 59
CVSS3: 7.5
CVSS2: 5.0
Level: HIGH
Attack Vector: Network
Title: A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user ca…
CWE: CWE-674 Uncontrolled Recursion
CVE: CVE-2020-10704
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.12.0, 4.11.0, 4.0.0
less than: 4.12.2, 4.11.8, 4.10.15
Update date: 2024-11-21 13:55
Published date: 2020-05-6

No: 60
CVSS3: 5.3
CVSS2: 2.6
Level: MEDIUM
Attack Vector: Network
Title: A use-after-free flaw was found in the way samba AD DC LDAP servers handled the 'Paged Results' control when combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause de…
CWE: CWE-416 Use After Free
CVE: CVE-2020-10700
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.12.0, 4.11.0, 4.10.0
less than: 4.12.2, 4.11.8, 4.10.15
Update date: 2024-11-21 13:55
Published date: 2020-05-5