samba (SUSE:Linux Enterprise Software Development Kit 12 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Software Development Kit 12 SP3 package samba, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2017-14746 — CVSS 9.8 (critical): Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
CVE-2018-1057 — CVSS 8.8 (high): On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over…
CVE-2017-11103 — CVSS 8.1 (high): Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in…
CVE-2017-15275 — CVSS 7.5 (high): Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap…
CVE-2017-12150 — CVSS 7.4 (high): It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration…
CVE-2017-12151 — CVSS 7.4 (high): A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as…
CVE-2019-3880 — CVSS 5.4 (medium): A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could…
CVE-2018-1050 — CVSS 4.3 (medium): All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run…
CVE-2018-10858 — CVSS 4.3 (medium): A heap-buffer overflow was found in the way samba clients processed extra long filename in a directory listing. A malicious samba server…
CVE-2018-10919 — CVSS 4.3 (medium): The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An…
CVE-2017-12163 — CVSS 4.1 (medium): An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before…