cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-4154,https://securityvulnerability.io/vulnerability/CVE-2023-4154,Samba: ad dc password exposure to privileged users and rodcs,"A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.",Red Hat,"samba,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Storage 3,Fedora",6.5,MEDIUM,0.000859999970998615,false,false,false,false,,false,false,2023-11-07T20:15:00.000Z,0
CVE-2023-42670,https://securityvulnerability.io/vulnerability/CVE-2023-42670,Ad dc busy rpc multiple listener dos,"A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation ""classic DCs"") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as ""The procedure number is out of range"" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.",Red Hat,"Samba,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Storage 3,Fedora",6.5,MEDIUM,0.0013200000394135714,false,false,false,false,,false,false,2023-11-03T08:15:00.000Z,0
CVE-2020-10704,https://securityvulnerability.io/vulnerability/CVE-2020-10704,,"A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba handles certain requests as an Active Directory Domain Controller LDAP server, an unauthorized user can cause a stack overflow leading to a denial of service. The highest threat from this vulnerability is to system availability. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.",Red Hat,Samba,7.5,HIGH,0.03167999908328056,false,false,false,false,,false,false,2020-05-06T00:00:00.000Z,0
CVE-2020-10700,https://securityvulnerability.io/vulnerability/CVE-2020-10700,,"A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.",Red Hat,Samba,5.3,MEDIUM,0.004019999876618385,false,false,false,false,,false,false,2020-05-04T20:03:50.000Z,0
CVE-2019-19344,https://securityvulnerability.io/vulnerability/CVE-2019-19344,,"There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.",Red Hat,Samba,6.5,MEDIUM,0.003980000037699938,false,false,false,false,,false,false,2020-01-21T00:00:00.000Z,0
CVE-2019-14907,https://securityvulnerability.io/vulnerability/CVE-2019-14907,,"All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with ""log level = 3"" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).",Red Hat,Samba,6.5,MEDIUM,0.008259999565780163,false,false,false,false,,false,false,2020-01-21T00:00:00.000Z,0
CVE-2019-14861,https://securityvulnerability.io/vulnerability/CVE-2019-14861,,"All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the (poorly named) dnsserver RPC pipe provides administrative facilities to modify DNS records and zones. Samba, when acting as an AD DC, stores DNS records in LDAP. In AD, the default permissions on the DNS partition allow creation of new records by authenticated users. This is used for example to allow machines to self-register in DNS. If a DNS record was created that case-insensitively matched the name of the zone, the ldb_qsort() and dns_name_compare() routines could be confused into reading memory prior to the list of DNS entries when responding to DnssrvEnumRecords() or DnssrvEnumRecords2() and so following invalid memory as a pointer.",Red Hat,Samba,5.3,MEDIUM,0.017249999567866325,false,false,false,false,,false,false,2019-12-10T22:19:05.000Z,0
CVE-2019-14870,https://securityvulnerability.io/vulnerability/CVE-2019-14870,,"All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.",Red Hat,Samba,5.4,MEDIUM,0.0033499998971819878,false,false,false,false,,false,false,2019-12-10T00:00:00.000Z,0