Samba

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:samba:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductSamba (8c052bd9-44f8-5619-ba3d-585f03f76e0a)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2023-4154 not_vulnerable 2026-06-08 06:16:11.649113 Samba: ad dc password exposure to privileged users and rodcs
HIGH (7.5)
A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.
Published: 2023-11-07T19:14:28.305Z
Updated: 2024-08-02T07:17:12.144Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0922 vulnerable 2026-06-08 05:52:33.455535 Details available
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
Published: 2023-04-03T00:00:00.000Z
Updated: 2025-02-13T14:54:44.569Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0614 vulnerable 2026-06-08 05:52:32.075268 Details available
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
Published: 2023-04-03T00:00:00.000Z
Updated: 2025-02-13T14:53:13.426Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-0225 vulnerable 2026-06-08 05:52:04.552860 Details available
A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.
Published: 2023-04-03T00:00:00.000Z
Updated: 2025-02-18T15:13:40.669Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-45142 vulnerable 2026-06-08 05:50:35.776278 Details available
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.
Published: 2023-03-06T00:00:00.000Z
Updated: 2025-03-06T20:20:48.532Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-45141 vulnerable 2026-06-08 05:50:35.774652 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-3592 vulnerable 2026-06-08 05:48:21.488785 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-3437 vulnerable 2026-06-08 05:48:21.069117 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-32746 vulnerable 2026-06-08 05:44:45.733075 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-32745 vulnerable 2026-06-08 05:44:45.732613 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-32744 vulnerable 2026-06-08 05:44:45.732234 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-32743 vulnerable 2026-06-08 05:44:45.731895 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-32742 vulnerable 2026-06-08 05:44:45.730467 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-2031 vulnerable 2026-06-08 05:42:50.119605 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-1615 vulnerable 2026-06-08 05:39:13.571888 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-0336 vulnerable 2026-06-08 05:39:09.798468 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-44141 vulnerable 2026-06-08 05:36:44.972896 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-3738 vulnerable 2026-06-08 05:33:53.881859 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-3671 vulnerable 2026-06-08 05:33:53.380059 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-3670 vulnerable 2026-06-08 05:33:53.377880 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-23192 vulnerable 2026-06-08 05:30:02.387922 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-20316 vulnerable 2026-06-08 05:29:08.956168 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-20277 vulnerable 2026-06-08 05:29:08.877551 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-20254 vulnerable 2026-06-08 05:29:08.823091 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-20251 vulnerable 2026-06-08 05:29:08.817062 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-27840 vulnerable 2026-06-08 05:23:53.306396 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-25722 vulnerable 2026-06-08 05:23:49.252938 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-25721 vulnerable 2026-06-08 05:23:49.252525 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-25719 vulnerable 2026-06-08 05:23:49.227444 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-25718 vulnerable 2026-06-08 05:23:49.226227 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-25717 vulnerable 2026-06-08 05:23:49.158574 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-14383 vulnerable 2026-06-08 05:19:23.193081 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-14323 vulnerable 2026-06-08 05:19:22.975960 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-14318 vulnerable 2026-06-08 05:19:22.967305 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-14303 vulnerable 2026-06-08 05:19:22.894111 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10760 vulnerable 2026-06-08 05:16:35.848905 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10745 vulnerable 2026-06-08 05:16:35.812352 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10730 vulnerable 2026-06-08 05:16:35.753408 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-14628 vulnerable 2026-06-08 05:10:53.142251 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2124 vulnerable 2026-06-08 05:07:33.318621 db.gcve.eu details were skipped to keep the page responsive. Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.