Software Detail
Samba
Number Of NVD: 208 (CRITICAL 6, HIGH 78, MEDIUM 106, LOW 18)
URL: https://www.samba.org/
Explanation: Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support | Service Pack Support | Extended for a fee | Critical | High | Medium | Low
71 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
72 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
73 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
74 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
75 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
76 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
77 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
78 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
79 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
80 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
81 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
82 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
83 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
84 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
85 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
86 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 4 31 47 1
87 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 5 34 52 6
88 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
89 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
90 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
91 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
92 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
93 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
94 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
95 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
96 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
97 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
98 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
99 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
100 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
101 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
102 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
No | CVSS3 | CVSS2 | Level | Attack Vector | Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date | Published date

No: 71
CVSS3: 7.5
CVSS2: 6.0
Level: HIGH
Attack Vector: Network
Title: A flaw was found in samba's Heimdal KDC implementation, versions 4.8.x up to, excluding 4.8.12, 4.9.x up to, excluding 4.9.8 and 4.10.x up to, excluding 4.10.3, when used in AD DC mode. A man in the …
CWE: CWE-358 Improperly Implemented Security Check for Standard
CVE: CVE-2018-16860
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.10.0, 4.8.0, 4.9.0
less than: 4.10.3, 4.8.12, 4.9.8
Update date: 2024-11-21 12:53
Published date: 2019-08-1

No: 72
CVSS3: 6.5
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to an AD DC LDAP server Denial of Service. This is related to an attacker using the paged search control. The attacker must have dir…
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2019-12436
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.10.0
less than: 4.10.5
Update date: 2024-11-21 13:22
Published date: 2019-06-19

No: 73
CVSS3: 6.5
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL pointer dereference, leading to Denial of Service. This is related to the AD DC DNS management server (dnsserver) RPC server process.
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2019-12435
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.10.0, 4.9.0
less than: 4.10.5, 4.9.9
Update date: 2024-11-21 13:22
Published date: 2019-06-19

No: 74
CVSS3: 5.4
CVSS2: 5.5
Level: MEDIUM
Attack Vector: Network
Title: A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they…
CWE: CWE-22 Path Traversal
CVE: CVE-2019-3880
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.10.0, 4.9.0, 3.2.0
less than: 4.10.2, 4.9.6, 4.8.11
Update date: 2024-11-21 13:42
Published date: 2019-04-10

No: 75
CVSS3: 6.1
CVSS2: 3.6
Level: MEDIUM
Attack Vector: Local
Title: A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the insta…
CWE: CWE-276 Incorrect Default Permissions
CVE: CVE-2019-3870
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.10.0, 4.9.0
less than: 4.10.2, 4.9.6
Update date: 2024-11-21 13:42
Published date: 2019-04-10

No: 76
CVSS3: 6.5
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the L…
CWE: CWE-125 Out-of-bounds Read
CVE: CVE-2019-3824
cpe23Uri: cpe:2.3:a:samba:samba:*:*
less than: 4.10.0
Update date: 2024-11-21 13:42
Published date: 2019-03-7

No: 77
CVSS3: 5.9
CVSS2: 4.3
Level: MEDIUM
Attack Vector: Network
Title: Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch f…
CWE: CWE-358 Improperly Implemented Security Check for Standard
CVE: CVE-2018-16857
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.9.0
less than: 4.9.3
Update date: 2024-11-21 12:53
Published date: 2018-11-28

No: 78
CVSS3: 5.9
CVSS2: 4.3
Level: MEDIUM
Attack Vector: Network
Title: Samba from version 4.7.0 has a vulnerability that allows a user in a Samba AD domain to crash the KDC when Samba is built in the non-default MIT Kerberos configuration. With this advisory the Samba T…
CWE: CWE-400 Uncontrolled Resource Consumption
CVE: CVE-2018-16853
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.8.0, 4.9.0, 4.7.0
less than: 4.8.7, 4.9.3, 4.7.12
Update date: 2024-11-21 12:53
Published date: 2018-11-28

No: 79
CVSS3: 4.4
CVSS2: 3.5
Level: MEDIUM
Attack Vector: Network
Title: Samba from version 4.9.0 and before version 4.9.3 is vulnerable to a NULL pointer de-reference. During the processing of a DNS zone in the DNS management DCE/RPC server, the internal DNS server or t…
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2018-16852
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.9.0
less than: 4.9.3
Update date: 2024-11-21 12:53
Published date: 2018-11-28

No: 80
CVSS3: 6.5
CVSS2: 4.0
Level: MEDIUM
Attack Vector: Network
Title: Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the cl…
CWE: CWE-476 NULL Pointer Dereference
CVE: CVE-2018-16851
cpe23Uri: cpe:2.3:a:samba:samba:*:*
or higher: 4.8.0, 4.0.0, 4.9.0
less than: 4.8.7, 4.7.12, 4.9.3
Update date: 2024-11-21 12:53
Published date: 2018-11-28