CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

59 matches found

F5 Networks•added 2023/02/21 7:0 p.m.•46 views

K13364192: Samba vulnerability CVE-2016-2119

Security Advisory Description libcli/smb/smbXclibase.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the 1 SMB2SESSIONFLAGISGUEST or 2...

7.5CVSS7.5AI score0.01142EPSS

Exploits0

F5 Networks•added 2023/02/21 6:54 p.m.•32 views

K21595932: Samba vulnerability CVE-2018-1057

Security Advisory Description On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service...

8.8CVSS7.4AI score0.07722EPSS

Exploits1

SUSE CVE•added 2023/02/15 5:39 a.m.•1 views

SUSE CVE-2013-1863

Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, create, or delete arbitrary files via standard filesystem operations...

6CVSS7AI score0.00283EPSS

Exploits0References3

Tenable Nessus•added 2022/02/03 12:0 a.m.•363 views

Samba 4.0.x < 4.13.17 / 4.14.x < 4.14.12 / 4.15.x < 4.15.5 Multiple Vulnerabilities

The version of Samba running on the remote host is 4.0.x prior to 4.13.17, 4.14.x prior to 4.14.12, or 4.15.x prior to 4.15.5. It is, therefore, affected by multiple vulnerabilities: - Out-of-bounds heap read/write vulnerability in VFS module vfsfruit allows code execution. CVE-2021-44142 -...

9CVSS7.8AI score0.35695EPSS

Exploits1References7

Tenable Nessus•added 2020/01/24 12:0 a.m.•133 views

Samba 4.x < 4.9.18 / 4.10.x < 4.10.12 / 4.11.x < 4.11.5 Multiple Vulnerabilities

The version of Samba running on the remote host is 4.x prior to 4.9.18, 4.10.x prior to 4.10.12, or 4.11.x prior to 4.11.5. It is, therefore, affected by multiple vulnerabilities: - An issue exists with ACL inheritance due to added or removed delegated rights not being inherited across domain...

6.5CVSS6.8AI score0.10242EPSS

Exploits0References6

IBM Security Bulletins•added 2019/12/20 8:47 a.m.•135 views

Security Bulletin: SMB signing not required in IBM Spectrum Protect Plus (CVE-2016-2115)

Summary IBM Spectrum Protect Plus is vulnerable to man-in-the-middle attacks as it does not make SMB signing mandatory. Vulnerability Details CVEID: CVE-2016-2115 DESCRIPTION: Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not require SMB signing within a DCERPC...

5.9CVSS1.1AI score0.22744EPSS

Exploits0Affected Software1

0day.today•added 2018/03/16 12:0 a.m.•577 views

Samba 4.x Password Change Vulnerability

On a Samba 4 AD DC any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts. ==================================================================== == Subject: Authenticated users can change other users' password == ==...

8.5AI score0.07722EPSS

Exploits1

OSV•added 2018/03/13 12:0 a.m.•1 views

UBUNTU-CVE-2018-1057

On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts eg Domain Controllers...

8.8CVSS7.1AI score0.07722EPSS

Exploits1References5