
cpe:2.3:a:synology:directory_server:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor: Synology (65464e9b-7339-559d-9719-837f074e0220)
Product: Directory Server (f0981203-4cb3-544e-9fc2-7fc9d3379d29)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2019-3870 vulnerable 2026-06-03 14:40:27.720992 Details available
MEDIUM (6.1)
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is owner (root) only access. However in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update.
Published: 2019-04-09T15:17:43.000Z
Updated: 2024-08-04T19:19:18.603Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-19344 vulnerable 2026-06-03 14:40:04.523913 Details available
MEDIUM (6.5)
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.
Published: 2020-01-21T00:00:00.000Z
Updated: 2024-08-05T02:16:47.118Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2019-14907 vulnerable 2026-06-03 14:39:46.831996 Details available
MEDIUM (6.5)
All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).
Published: 2020-01-21T00:00:00.000Z
Updated: 2024-08-05T00:34:52.321Z
Imported from gcve-enriched-dumps CVE data
