Software Detail
Samba
Number Of NVD: 211 (CRITICAL 7, HIGH 78, MEDIUM 108, LOW 18)
URL https://www.samba.org/
Explanation Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component for seamlessly integrating Linux/Unix servers and desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support, Service Pack Support, Extended for a fee, Critical, High, Medium, Low
131 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
132 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
133 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
134 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
135 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
136 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
137 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
138 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
139 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
140 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
141 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
142 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
143 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
144 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
145 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
146 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 5 31 48 1
147 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 6 34 53 6
148 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
149 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
150 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
151 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
152 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
153 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
154 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
155 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
156 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
157 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
158 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
159 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
160 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
161 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
162 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
No, CVSS3 / CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher, or less, more than, less than), Update date / Published date, Show Affected, Exploit / PoC
131 -
5.0
MEDIUM Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obta… CWE-255
Credentials Management
CVE-2013-4496 cpe:2.3:a:samba:samba:*:* 4.1.0
4.0.0
3.4.0




4.1.6
4.0.16
3.6.23
2024-11-21 10:55
2014-03-14
132 -
8.3
HIGH Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done function in librpc/rpc/dcerpc_util.c in winbindd in Samba 3.x before 3.6.22, 4.0.x before 4.0.13, and 4.1.x before 4.1.3 allows remote … CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2013-4408 cpe:2.3:a:samba:samba:4.1.2:*
cpe:2.3:a:samba:samba:4.1.1:*
cpe:2.3:a:samba:samba:4.1.0:*
cpe:2.3:a:samba:samb…
2024-11-21 10:55
2013-12-10
133 -
3.6
LOW The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which all… CWE-20
 Improper Input Validation 
CVE-2012-6150 cpe:2.3:a:samba:samba:*:* 4.1.0
4.0.0
3.4.3
3.3.10






4.1.3
4.0.13
3.6.22
3.4.0
2024-11-21 10:45
2013-12-4
134 -
1.2
LOW Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information b… CWE-310
Cryptographic Issues
CVE-2013-4476 cpe:2.3:a:samba:samba:4.1.0:*
cpe:2.3:a:samba:samba:4.0.9:*
cpe:2.3:a:samba:samba:4.0.8:*
cpe:2.3:a:samba:samb…
2024-11-21 10:55
2013-11-14
135 -
4.0
MEDIUM Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and 4.1.x before 4.1.1, when vfs_streams_depot or vfs_streams_xattr is enabled, allows remote attackers to bypass intended file restricti… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-4475 cpe:2.3:a:samba:samba:4.1.0:*
cpe:2.3:a:samba:samba:*:*
3.2.0
4.0.0


3.6.20
4.0.11
2024-11-21 10:55
2013-11-14
136 -
5.0
MEDIUM Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (… CWE-189
Numeric Errors
CVE-2013-4124 cpe:2.3:a:samba:samba:4.0.7:*
cpe:2.3:a:samba:samba:4.0.6:*
cpe:2.3:a:samba:samba:4.0.5:*
cpe:2.3:a:samba:samb…
2024-11-21 10:54
2013-08-6
137 -
4.0
MEDIUM The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS sh… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-0454 cpe:2.3:a:samba:samba:3.6.4:*
cpe:2.3:a:samba:samba:3.6.3:*
cpe:2.3:a:samba:samba:3.6.2:*
cpe:2.3:a:samba:samb…
3.6.5 2024-11-21 10:47
2013-03-27
138 -
6.0
MEDIUM Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, … CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-1863 cpe:2.3:a:samba:samba:4.0.3:*
cpe:2.3:a:samba:samba:4.0.2:*
cpe:2.3:a:samba:samba:4.0.1:*
cpe:2.3:a:samba:samb…
2024-11-21 10:50
2013-03-20
139 -
5.1
MEDIUM Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the… CWE-352
 Origin Validation Error
CVE-2013-0214 cpe:2.3:a:samba:samba:4.0.1:*
cpe:2.3:a:samba:samba:4.0.0:*
cpe:2.3:a:samba:samba:3.6.9:*
cpe:2.3:a:samba:samb…
2024-11-21 10:47
2013-02-3
140 -
5.1
MEDIUM The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME el… CWE-20
 Improper Input Validation 
CVE-2013-0213 cpe:2.3:a:samba:samba:4.0.1:*
cpe:2.3:a:samba:samba:4.0.0:*
cpe:2.3:a:samba:samba:3.6.9:*
cpe:2.3:a:samba:samb…
2024-11-21 10:47
2013-02-3