
39 matches found

Samba
added 2023/10/10 12:0 a.m., 55 views

Samba AD DC password exposure to privileged

Description In normal operation, passwords and most secrets are never disclosed over LDAP in Active Directory. However, due to a design flaw in Samba's implementation of the DirSync control, Active Directory accounts authorized to do some replication, but not to replicate sensitive attributes, ca...

7.5 CVSS, 6.9 AI score, 0.00397 EPSS
Exploits 0
UbuntuCve
added 2023/10/10 12:0 a.m., 34 views

CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

7.5 CVSS, 6.7 AI score, 0.00397 EPSS
Exploits 0, References 4
Tenable Nessus
added 2023/10/10 12:0 a.m., 37 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Samba vulnerabilities (USN-6425-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6425-1 advisory. Sri Nagasubramanian discovered that the Samba aclxattr VFS module incorrectly handled read-only files. When Samba is configured to...

7.5 CVSS, 6.9 AI score, 0.00578 EPSS
Exploits 0, References 5
OSV
added 2023/10/10 12:0 a.m., 0 views

UBUNTU-CVE-2023-4154

A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This flaw allows RODCs and users possessing the GETCHANGES right to access all attributes, including sensitive...

7.5 CVSS, 6.7 AI score, 0.00397 EPSS
Exploits 0, References 5
Positive Technologies
added 2023/10/03 12:0 a.m., 3 views

PT-2023-6233 · Samba +7

Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers RODCs. This fla...

9.8 CVSS, 6.5 AI score, 0.94006 EPSS
Exploits 14, References 159
SUSE CVE
added 2023/02/15 4:9 a.m., 1 view

SUSE CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue...

4.9 CVSS, 9 AI score, 0.02434 EPSS
Exploits 1, References 8
Veracode
added 2020/08/06 9:36 p.m., 25 views

Denial Of Service (DoS)

samba is vulnerable to denial of service. An attacker is able to crash the AD DC LDAP server via dirsync resulting...

4.9 CVSS, 3.9 AI score, 0.02434 EPSS
Exploits 1, References 10, Affected Software 1
OSV
added 2019/11/06 10:15 a.m., 0 views

DEBIAN-CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue...

4.9 CVSS, 5.9 AI score, 0.02434 EPSS
Exploits 1, References 1
OSV
added 2019/11/06 10:15 a.m., 1 view

ALPINE-CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue...

4.9 CVSS, 6.7 AI score, 0.02434 EPSS
Exploits 1, References 1
Prion
added 2019/11/06 10:15 a.m., 21 views

Code injection

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue...

4 CVSS, 5.3 AI score, 0.02434 EPSS
Exploits 1, References 8, Affected Software 3
Cvelist
added 2019/11/06 12:0 a.m., 22 views

CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue...

4.9 CVSS, 6 AI score, 0.02434 EPSS
Exploits 1, References 8
Debian CVE
added 2019/11/06 12:0 a.m., 26 views

CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue...

4.9 CVSS, 6 AI score, 0.02434 EPSS
Exploits 1
Tenable Nessus
added 2019/11/06 12:0 a.m., 34 views

openSUSE Security Update : samba (openSUSE-2019-2442)

This update for provides the following fixes : Following security issues were fixed : - CVE-2019-14847: User with 'get changes' permission could have crashed AD DC LDAP server via dirsync bsc1154598. - CVE-2019-10218: Client code could have returned filenames containing path separators bsc1144902...

6.5 CVSS, 6.1 AI score, 0.04508 EPSS
Exploits 1, References 8
Tenable Nessus
added 2019/10/31 12:0 a.m., 238 views

SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2019:2866-1)

This update for provides the following fixes : Following security issues were fixed : CVE-2019-14847: User with 'get changes' permission could have crashed AD DC LDAP server via dirsync bsc1154598. CVE-2019-10218: Client code could have returned filenames containing path separators bsc1144902...

6.5 CVSS, 6.2 AI score, 0.04508 EPSS
Exploits 1, References 12
Tenable Nessus
added 2019/10/30 12:0 a.m., 40 views

Ubuntu 16.04 LTS / 18.04 LTS : Samba vulnerabilities (USN-4167-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4167-1 advisory. Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a...

6.5 CVSS, 6.3 AI score, 0.04508 EPSS
Exploits 1, References 4
Ubuntu
added 2019/10/29 3:28 p.m., 91 views

USN-4167-2: Samba vulnerabilities

USN-4167-1 fixed several vulnerabilities in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecti...

6.5 CVSS, 6.3 AI score, 0.04508 EPSS
Exploits 1
OSV
added 2019/10/29 12:15 p.m., 0 views

USN-4167-1 samba vulnerabilities

Michael Hanselmann discovered that the Samba client code incorrectly handled path separators. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause the client to access local pathnames instead of network pathnames. CVE-2019-10218 Simon...

6.5 CVSS, 6.3 AI score, 0.04508 EPSS
Exploits 1, References 4
OSV
added 2019/10/29 12:0 a.m., 0 views

UBUNTU-CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue...

4.9 CVSS, 6.3 AI score, 0.02434 EPSS
Exploits 1, References 5
UbuntuCve
added 2019/10/29 12:0 a.m., 31 views

CVE-2019-14847

A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue...

4.9 CVSS, 6.3 AI score, 0.02434 EPSS
Exploits 1, References 4