Search Results (249 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0812 1 Samba 1 Samba 2026-04-16 N/A
Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations.
CVE-2000-0938 1 Samba 1 Samba 2026-04-16 N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.
CVE-2004-0808 2 Redhat, Samba 2 Enterprise Linux, Samba 2026-04-16 N/A
The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.
CVE-2002-0080 2 Redhat, Samba 2 Linux, Rsync 2026-04-16 N/A
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
CVE-1999-0182 1 Samba 1 Samba 2026-04-16 N/A
Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.
CVE-2004-1154 4 Redhat, Samba, Suse and 1 more 5 Enterprise Linux, Fedora Core, Samba and 2 more 2026-04-16 N/A
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
CVE-2004-1002 2 Canonical, Samba 2 Ubuntu Linux, Ppp 2026-04-16 7.5 High
Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.
CVE-2001-1162 3 Hp, Redhat, Samba 3 Cifs-9000 Server, Linux, Samba 2026-04-16 N/A
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
CVE-2003-0196 6 Compaq, Hp, Redhat and 3 more 9 Tru64, Cifs-9000 Server, Hp-ux and 6 more 2026-04-16 N/A
Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201.
CVE-2004-2546 2 Samba, Trustix 2 Samba, Secure Linux 2026-04-16 N/A
Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
CVE-2000-0935 1 Samba 1 Samba 2026-04-16 N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.
CVE-1999-0811 1 Samba 1 Samba 2026-04-16 N/A
Buffer overflow in Samba smbd program via a malformed message command.
CVE-2004-0686 3 Redhat, Samba, Trustix 3 Enterprise Linux, Samba, Secure Linux 2026-04-16 N/A
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
CVE-2001-0406 2 Redhat, Samba 2 Linux, Samba 2026-04-16 N/A
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
CVE-2002-2196 1 Samba 1 Samba 2026-04-16 N/A
Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.
CVE-2000-0936 1 Samba 1 Samba 2026-04-16 N/A
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
CVE-2004-0829 1 Samba 1 Samba 2026-04-16 N/A
smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.
CVE-1999-0810 1 Samba 1 Samba 2026-04-16 N/A
Denial of service in Samba NETBIOS name service daemon (nmbd).
CVE-2020-1472 9 Canonical, Debian, Fedoraproject and 6 more 20 Ubuntu Linux, Debian Linux, Fedora and 17 more 2026-02-23 5.5 Medium
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.
CVE-2023-3961 3 Fedoraproject, Redhat, Samba 7 Fedora, Enterprise Linux, Enterprise Linux Eus and 4 more 2025-11-20 9.1 Critical
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.