Software Detail
Samba
Number Of NVD: 211 (CRITICAL 7, HIGH 78, MEDIUM 108, LOW 18)
URL: https://www.samba.org/
Explanation: Samba is the standard Windows interoperability suite of programs for Linux and Unix.

Samba is Free Software licensed under the GNU General Public License; the Samba project is a member of the Software Freedom Conservancy.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function either as a domain controller or as a regular domain member.

Excerpted and translated from https://www.samba.org/
Tag
  • GPL v3
  • Open source

Add Information URL
No Type Name URL
1 https://www.samba.org/samba/history/
2 https://wiki.samba.org/index.php/Samba_Release_Planning

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended (for a fee), Critical, High, Medium, Low
141 Samba 4.19 4.19.9 Oct. 17, 2024 Sept. 4, 2023 1 0 5 0
142 Samba 4.18 4.18.11 March 13, 2024 March 8, 2023 1 1 12 0
143 Samba 4.17 4.17.12 Oct. 10, 2023 Sept. 13, 2022 2 5 15 0
144 Samba 4.16 4.16.11 July 19, 2023 March 21, 2022 3 8 14 0
145 Samba 4.15 4.15.13 Dec. 15, 2022 Sept. 20, 2021 3 14 16 0
146 Samba 4.14 4.14.14 July 27, 2022 March 9, 2021 2 16 19 0
147 Samba 4.13 4.13.17 Jan. 31, 2022 Sept. 22, 2020 2 16 22 1
148 Samba 4.12 4.12.15 April 29, 2021 March 3, 2020 2 17 26 1
149 Samba 4.11 4.11.17 Dec. 3, 2020 Sept. 17, 2019 3 17 33 1
150 Samba 4.10 4.10.18 Sept. 18, 2019 March 19, 2019 3 18 38 1
151 Samba 4.9 4.9.18 Jan. 21, 2020 Sept. 13, 2018 Jan. 1, 2000 3 16 43 1
152 Samba 4.8 4.8.12 May 14, 2019 March 13, 2018 Jan. 1, 2000 2 18 40 1
153 Samba 4.7 4.7.12 Nov. 27, 2018 Sept. 20, 2017 Jan. 1, 2000 3 19 40 1
154 Samba 4.5 4.5.16 March 13, 2018 Sept. 7, 2016 Jan. 1, 2000 4 24 41 1
155 Samba 4.3 4.3.13 Dec. 19, 2016 Sept. 8, 2015 Jan. 1, 2000 4 30 49 1
156 Samba 4.2 4.22.1 April 17, 2025 March 4, 2015 Jan. 1, 2000 5 31 48 1
157 Samba 4.1 4.19.9 Oct. 17, 2024 Jan. 11, 2013 Jan. 1, 2000 6 34 53 6
158 Samba 4.0 4.0.26 May 6, 2015 Dec. 11, 2012 Jan. 1, 2000 4 34 53 7
159 Samba 3.6 3.6.25 Feb. 23, 2015 Aug. 9, 2011 Jan. 1, 2000 3 16 37 5
160 Samba 3.5 3.5.22 Aug. 5, 2013 March 1, 2010 Jan. 1, 2000 3 16 34 6
161 Samba 3.4 3.4.17 April 30, 2012 July 3, 2009 Jan. 1, 2000 2 15 37 8
162 Samba 3.3 3.3.16 July 26, 2011 Jan. 27, 2009 Jan. 1, 2000 2 16 35 8
163 Samba 3.2 3.2.15 Oct. 1, 2009 July 1, 2008 Jan. 1, 2000 2 17 37 7
164 Samba 3.0 3.0.37 Oct. 1, 2009 Sept. 24, 2003 Jan. 1, 2000 2 30 42 7
165 Samba 4.6 4.6.9 Aug. 14, 2018 Jan. 1, 2000 4 23 38 1
166 Samba 4.4 4.4.9 Sept. 20, 2017 Jan. 1, 2000 4 27 46 1
167 Samba 3.1 3.1.0 Jan. 1, 2000 2 15 24 5
168 Samba 2.2a 2.2a Jan. 1, 2000 2 12 18 4
169 Samba 2.2 2.2.12 Sept. 29, 2004 Jan. 1, 2000 2 20 20 5
170 Samba 2.18 2.18.3 Jan. 1, 2000 2 12 17 4
171 Samba 2.0 2.0.9 Jan. 1, 2000 2 23 22 7
172 Samba 1.9 1.9.18 Jan. 7, 1998 Jan. 1, 2000 2 13 20 5
NVD Vulnerability Information
Columns: No, CVSS3 / CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher, or less, more than, less than), Update date / Published date
141 -
3.5
LOW Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authen… CWE-264
Permissions, Privileges, and Access Controls
CVE-2013-0172 cpe:2.3:a:samba:samba:4.0.0:* 2024-11-21 10:46
2013-01-18
142 -
6.5
MEDIUM The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not p… CWE-264
Permissions, Privileges, and Access Controls
CVE-2012-2111 cpe:2.3:a:samba:samba:3.6.4:*
cpe:2.3:a:samba:samba:3.6.3:*
cpe:2.3:a:samba:samba:3.6.2:*
cpe:2.3:a:samba:samb…
2024-11-21 10:38
2012-04-30
143 -
10.0
HIGH The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory … CWE-189
Numeric Errors
CVE-2012-1182 cpe:2.3:a:samba:samba:3.6.3:*
cpe:2.3:a:samba:samba:3.6.2:*
cpe:2.3:a:samba:samba:3.6.1:*
cpe:2.3:a:samba:samb…
3.4.15 2024-11-21 10:36
2012-04-11
144 -
7.9
HIGH Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to ca… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2012-0870 cpe:2.3:a:samba:samba:3.0.0:* 2024-11-21 10:35
2012-02-23
145 -
5.0
MEDIUM Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote attackers to cause a denial of service (memory and CPU consumption) by making many connection requests. CWE-200
Information Exposure
CVE-2012-0817 cpe:2.3:a:samba:samba:3.6.2:*
cpe:2.3:a:samba:samba:3.6.1:*
cpe:2.3:a:samba:samba:3.6.0:*
2024-11-21 10:35
2012-01-31
146 -
1.2
LOW The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs in Samba 3.5.10 and earlier does not properly verify that the (1) device name and (2) mountpoint strings are composed of valid ch… CWE-20
 Improper Input Validation 
CVE-2011-2724 cpe:2.3:a:samba:samba:3.5.9:*
cpe:2.3:a:samba:samba:3.5.8:*
cpe:2.3:a:samba:samba:3.5.7:*
cpe:2.3:a:samba:samb…
3.5.10 2024-11-21 10:28
2011-09-7
147 -
2.6
LOW Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to … CWE-79
Cross-site Scripting
CVE-2011-2694 cpe:2.3:a:samba:samba:*:* 3.0.0
3.4.0
3.5.0




3.3.16
3.4.14
3.5.10
2024-11-21 10:28
2011-07-30
148 -
6.8
MEDIUM Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators… CWE-352
 Origin Validation Error
CVE-2011-2522 cpe:2.3:a:samba:samba:*:* 3.0.0
3.4.0
3.5.0




3.3.16
3.4.14
3.5.10
2024-11-21 10:28
2011-07-30
149 -
3.3
LOW smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to append to the /etc/mtab file and (2) umount.cifs to append to the /etc/mtab.tmp file without first checking whether resource limits … CWE-20
 Improper Input Validation 
CVE-2011-1678 cpe:2.3:a:samba:samba:*:* 3.5.8 2024-11-21 10:26
2011-04-10
150 -
5.0
MEDIUM Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2011-0719 cpe:2.3:a:samba:samba:3.5.6:*
cpe:2.3:a:samba:samba:3.5.5:*
cpe:2.3:a:samba:samba:3.5.4:*
cpe:2.3:a:samba:samb…
2024-11-21 10:24
2011-03-2