
32 matches found

SUSE CVE
added 2025/10/16 11:38 p.m. · 2 views

SUSE CVE-2025-10230

A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active...

10 CVSS · 6.9 AI score · 0.00486 EPSS
Exploits 2 · References 11

Redos
added 2025/10/01 12:0 a.m. · 1 views

ROS-20251001-04

A vulnerability in the gnutls_rnd function of the Samba networking software package is related to the use of insufficiently random values. Exploitation of the vulnerability could allow an attacker to gain access to confidential data...

5.5 CVSS · 7 AI score · 0.00259 EPSS
Exploits 1

Redos
added 2025/09/23 12:0 a.m. · 1 views

ROS-20250923-15

A vulnerability in the LDAP protocol implementation of the Samba networking software package is related to flaws in access control list (ACL) based access delimitation. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges...

7.5 CVSS · 6.9 AI score · 0.00206 EPSS
Exploits 0

Vulnrichment
added 2025/06/06 1:10 p.m. · 10 views

CVE-2025-0620 Samba: smbd doesn't pick up group membership changes when re-authenticating an expired smb session

A flaw was found in Samba. The smbd service daemon does not pick up group membership changes when re-authenticating an expired SMB session. This issue can expose file shares until clients disconnect and then connect again...

4.9 CVSS · 6.7 AI score · 0.0025 EPSS
Exploits 0 · References 3

Rosalinux
added 2025/02/15 10:22 p.m. · 7 views

Advisory ROSA-SA-2025-2694

Software: samba 4.17.12 · OS: ROSA Virtualization 3.0 · packageevrstring: samba-4.17.12 · CVE-ID: CVE-2022-38023 · BDU-ID: 2022-06830 · CVE-Crit: HIGH · CVE-DESC.: A vulnerability in the Netlogon Remote Protocol (MS-NRPC) implementation of Windows operating systems is due to errors in security settings...

8.1 CVSS · 7.3 AI score · 0.00464 EPSS
Exploits 0

OSV
added 2024/09/12 10:7 p.m. · 10 views

RHSA-2004:064 Red Hat Security Advisory: samba security update

Bulletin has no description...

7.5 CVSS · 6.1 AI score · 0.02082 EPSS
Exploits 0 · References 8

Positive Technologies
added 2023/10/03 12:0 a.m. · 3 views

PT-2023-6233 · Samba +7

Name of the Vulnerable Software and Affected Versions: Samba (affected versions not specified). Description: A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This fla...

9.8 CVSS · 6.5 AI score · 0.94006 EPSS
Exploits 14 · References 159

OSV
added 2023/08/14 12:0 a.m. · 47 views

DSA-5477-1 samba - security update

Bulletin has no description...

7.5 CVSS · 6.7 AI score · 0.19204 EPSS
Exploits 0

OSV
added 2023/04/03 11:15 p.m. · 0 views

AZL-26215 CVE-2023-0922 affecting package samba 4.12.5-7

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection...

5.9 CVSS · 6.7 AI score · 0.00266 EPSS
Exploits 0 · References 1

OSV
added 2023/03/29 3:52 p.m. · 4 views

SUSE-SU-2023:1687-1 Security update for ldb, samba

This update for ldb, samba fixes the following issues: ldb: - CVE-2022-32746: Fixed a use-after-free issue in the database audit logging module bsc1201490. - CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes bso15270 bsc1209485. samba: - CVE-2023-0922: Fixed cleartext...

7.7 CVSS · 6 AI score · 0.00413 EPSS
Exploits 0 · References 10

SUSE CVE
added 2023/02/15 5:6 a.m. · 1 views

SUSE CVE-2016-2111

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...

6.3 CVSS · 7.5 AI score · 0.02808 EPSS
Exploits 1 · References 15

SUSE CVE
added 2023/02/15 5:6 a.m. · 1 views

SUSE CVE-2016-2114

The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "server signing = mandatory" setting, which allows man-in-the-middle attackers to spoof SMB servers by modifying the client-server data stream...

5.9 CVSS · 6.6 AI score · 0.05863 EPSS
Exploits 0 · References 5

OSV
added 2023/01/12 3:15 p.m. · 1 views

DEBIAN-CVE-2022-3437

A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a...

6.5 CVSS · 6.8 AI score · 0.00727 EPSS
Exploits 0 · References 1

CNVD
added 2021/03/26 12:0 a.m. · 6 views

Samba Memory Corruption Vulnerability

Samba is a set of free software from the Samba team that enables UNIX series operating systems to connect to the SMB/CIFS network protocol of Microsoft Windows operating systems. The program supports sharing printers, transferring data files to each other, and so on. A security vulnerability exis...

7.5 CVSS · 7 AI score · 0.14523 EPSS
Exploits 0 · References 1

CNVD
added 2019/12/11 12:0 a.m. · 3 views

Samba Authorization Issues Vulnerability

Samba is a set of free software from the Samba team that enables UNIX series operating systems to connect to the SMB/CIFS network protocol of Microsoft Windows operating systems. The program supports sharing printers, transferring data files to each other, and so on. An authorization issue...

6.4 CVSS · 9.2 AI score · 0.04669 EPSS
Exploits 0 · References 1

OSV
added 2017/04/02 12:0 a.m. · 5 views

DSA-3816-2 samba - regression update

Bulletin has no description...

7.2 AI score
Exploits 0

OSV
added 2016/07/07 3:59 p.m. · 4 views

CVE-2016-2119

libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag...

7.5 CVSS · 7.4 AI score · 0.01142 EPSS
Exploits 0 · References 9

OSV
added 2016/04/25 12:59 a.m. · 6 views

CVE-2016-2111

The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted applicatio...

6.3 CVSS · 6.7 AI score · 0.02808 EPSS
Exploits 1 · References 41

OpenVAS
added 2016/04/13 12:0 a.m. · 31 views

RedHat Update for samba3x RHSA-2016:0613-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS · 7.3 AI score · 0.78522 EPSS
Exploits 1 · References 2

seebug.org
added 2014/07/01 12:0 a.m. · 14 views

SAMBA 2.0.7 SWAT Symlink Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/1872/info The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes...

7.1 AI score
Exploits 0