Software Detail
Samba: Number Of NVD 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL https://www.samba.org/
Explanation Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended for a fee Critical High Medium Low
61 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
62 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
63 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
64 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
65 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
66 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
67 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
68 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
69 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
70 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
71 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
72 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
73 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
74 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
75 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
76 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
77 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
78 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
79 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
80 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
81 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
82 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
83 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
84 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
85 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
86 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
87 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
88 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
89 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
90 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
91 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
92 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
No CVSS3 CVSS2 Level Attack Vector Title CWE CVE cpe23Uri (or higher / or less / more than / less than) Update date Published date
61 CVSS3 6.5 / CVSS2 4.0 / MEDIUM / Network
Title: There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc()…
CWE: CWE-416 Use After Free
CVE: CVE-2019-19344
cpe23Uri: cpe:2.3:a:samba:samba:*:* (or higher: 4.9.0, 4.10.0, 4.11.0; less than: 4.9.18, 4.10.12, 4.11.5)
Update date: 2024-11-21 13:34
Published date: 2020-01-22
62 CVSS3 5.4 / CVSS2 5.5 / MEDIUM / Network
Title: There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a…
CWE: NVD-CWE-noinfo
CVE: CVE-2019-14902
cpe23Uri: cpe:2.3:a:samba:samba:*:* (or higher: 4.10.0, 4.11.0, 4.0.0; less than: 4.10.12, 4.11.5, 4.9.18)
Update date: 2024-11-21 13:27
Published date: 2020-01-22
63 CVSS3 6.5 / CVSS2 2.6 / MEDIUM / Network
Title: All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after…
CWE: CWE-125 Out-of-bounds Read
CVE: CVE-2019-14907
cpe23Uri: cpe:2.3:a:samba:samba:*:* (or higher: 4.9.0, 4.10.0, 4.11.0; less than: 4.9.18, 4.10.12, 4.11.5)
Update date: 2024-11-21 13:27
Published date: 2020-01-22
64 CVSS3 4.7 / CVSS2 1.9 / MEDIUM / Local
Title: Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window whe…
CWE: CWE-362 Race Condition
CVE: CVE-2011-3585
cpe23Uri: cpe:2.3:a:samba:samba:3.6.0:*
Update date: 2024-11-21 10:30
Published date: 2020-01-1
65 CVSS3 5.4 / CVSS2 6.4 / MEDIUM / Network
Title: All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clie…
CWE: CWE-287 Improper Authentication
CVE: CVE-2019-14870
cpe23Uri: cpe:2.3:a:samba:samba:*:* (or higher: 4.10.0, 4.11.0, 4.0.0; less than: 4.10.11, 4.11.3, 4.9.17)
Update date: 2024-11-21 13:27
Published date: 2019-12-11
66 CVSS3 5.3 / CVSS2 3.5 / MEDIUM / Network
Title: All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS reco…
CWE: -
CVE: CVE-2019-14861
cpe23Uri: cpe:2.3:a:samba:samba:*:* (or higher: 4.10.0, 4.11.0, 4.0.0; less than: 4.10.11, 4.11.3, 4.9.17)
Update date: 2024-11-21 13:27
Published date: 2019-12-11
67 CVSS3 4.9 / CVSS2 4.0 / MEDIUM / Network
Title: A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not po…
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2019-14847
cpe23Uri: cpe:2.3:a:samba:samba:*:* (or higher: 4.0.0, 4.10.0; less than: 4.9.15, 4.10.10)
Update date: 2024-11-21 13:27
Published date: 2019-11-6
68 CVSS3 6.5 / CVSS2 4.3 / MEDIUM / Network
Title: A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the cl…
CWE: CWE-22 Path Traversal
CVE: CVE-2019-10218
cpe23Uri: cpe:2.3:a:samba:samba:*:* (or higher: 4.10.0, 4.11.0; less than: 4.10.10, 4.11.2, 4.9.15)
Update date: 2024-11-21 13:18
Published date: 2019-11-6
69 CVSS3 5.4 / CVSS2 4.9 / MEDIUM / Network
Title: A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Sam…
CWE: CWE-521 Weak Password Requirements
CVE: CVE-2019-14833
cpe23Uri: cpe:2.3:a:samba:samba:*:* (or higher: 4.10.0, 4.11.0, 4.5.0; less than: 4.10.10, 4.11.2, 4.9.15)
Update date: 2024-11-21 13:27
Published date: 2019-11-6
70 CVSS3 9.1 / CVSS2 6.4 / CRITICAL / Network
Title: A flaw was found in samba versions 4.9.x up to 4.9.13, samba 4.10.x up to 4.10.8 and samba 4.11.x up to 4.11.0rc3, when certain parameters were set in the samba configuration file. An unauthenticated…
CWE: CWE-22 Path Traversal
CVE: CVE-2019-10197
cpe23Uri: cpe:2.3:a:samba:samba:4.9.0:rc5, cpe:2.3:a:samba:samba:4.9.0:rc4, cpe:2.3:a:samba:samba:4.9.0:rc3, cpe:2.3:a:samb… (or higher: 4.9.0, 4.10.0; or less: 4.9.13, 4.10.8)
Update date: 2024-11-21 13:18
Published date: 2019-09-4