Unauthenticated Remote Code Execution
Description: Samba file servers and classic non-AD domain controllers offer the SamValidatePasswordChange and SamValidatePasswordReset RPC services on the SAMR DCE/RPC service when running over NCACN_IP_TCP. Both services pass a username and password to the "check password script" that can be...
SUSE-SU-2026:0293-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP6 kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2025-38321: smb: Log an error when close_all_cached_dirs fails (bsc#1246328). - CVE-2025-38728: smb3: fix for slab out of bounds on mount to ksmbd (bsc#1249256). -...
Oracle Linux 9 : kernel (ELSA-2025-21112)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21112 advisory. - crypto: xts - Handle EBUSY correctly Vladis Dronov RHEL-119236 CVE-2023-53494 - ipv6: sr: Fix MAC comparison to be constant-time CKI Backport Bot...
EUVD-2021-29993
Malicious code in bioql PyPI...
EUVD-2025-22790
Malicious code in bioql PyPI...
CVE-2025-8182
A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etc_ro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an atta...
Tenda AC18 Security Vulnerability
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a weak password vulnerability that originates from a code flaw in the /etc_ro/smb.conf file in the Samba component. No detailed...
UBUNTU-CVE-2025-22041
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in ksmbd_sessions_deregister. In multichannel mode, UAF issue can occur in session_deregister when the second channel sets up a session through the connection of the first channel. session that is freed...
SUSE CVE-2024-56729
In the Linux kernel, the following vulnerability has been resolved: smb: Initialize cfid->tcon before performing network ops. Avoid leaking a tcon ref when a lease break races with opening the cached directory. Processing the leak break might take a reference to the tcon in cached_dir_lease_break and...
AZL-54999 CVE-2024-56729 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: smb: Initialize cfid->tcon before performing network ops. Avoid leaking a tcon ref when a lease break races with opening the cached directory. Processing the leak break might take a reference to the tcon in cached_dir_lease_break and...
OESA-2023-1754 samba security update
Samba is a suite of programs for Linux and Unix to interoperate with Windows. Security Fixes: A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore syst...
The vulnerability of the Samba network file system, related to incorrect definition of the link before accessing files, allows attackers to gain access to confidential information.
The vulnerability of the Samba network file system is related to the incorrect definition of the link before accessing a file. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information by creating symbolic links...
The vulnerability of the Samba network file system, related to insufficient verification of data authenticity, allows a perpetrator to cause service interruptions.
The vulnerability of the Samba network file system is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2021-40035
There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones. Successful exploitation of this vulnerability may affect function stability...
CVE-2021-43039
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access...
PT-2021-23728 · Kaseya · Kaseya Unitrends Backup Appliance
Name of the Vulnerable Software and Affected Versions: Kaseya Unitrends Backup Appliance versions prior to 10.5.5 Description: An issue was discovered in the Samba file sharing service, allowing anonymous read/write access. Recommendations: For versions prior to 10.5.5, update to version 10.5.5 o...
Moderate: samba security update
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information. Security Fixes: samba: Negative idmap cache entries can cause incorrect...
The vulnerability of the Samba file system, related to reading beyond the buffer boundaries, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Samba file system is related to reading data beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of the protected information...
RHEL 7 : samba (RHSA-2021:2313)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2313 advisory. Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allo...
samba -- negative idmap cache entries vulnerability
The Samba Team reports: CVE-2021-20254: Negative idmap cache entries can cause incorrect group entries in the Samba file server process token...