Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

31 – 40 of 187 results


CVE-2022-32745

Medium priority

Some fixes available 7 of 11

A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Fixed Fixed Fixed Ignored Needs evaluation
Show less packages

CVE-2022-32744

Medium priority

Some fixes available 7 of 11

A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Fixed Fixed Fixed Ignored Needs evaluation
Show less packages

CVE-2022-32742

Low priority

Some fixes available 7 of 11

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead...

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Fixed Fixed Fixed Vulnerable Needs evaluation
Show less packages

CVE-2022-2031

Medium priority

Some fixes available 7 of 11

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their...

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Fixed Fixed Fixed Ignored Vulnerable
Show less packages

CVE-2022-0336

Medium priority
Fixed

The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification...

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Fixed Fixed Not affected Not affected
Show less packages

CVE-2021-44142

High priority
Fixed

The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and...

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-44141

Low priority
Ignored

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with...

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Ignored Ignored Ignored Ignored
Show less packages

CVE-2021-43566

Low priority

Some fixes available 8 of 12

All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1...

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Fixed Fixed Fixed Vulnerable Needs evaluation
Show less packages

CVE-2021-3670

Low priority

Some fixes available 2 of 10

MaxQueryDuration not honoured in Samba AD DC LDAP

2 affected packages

ldb, samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldb Not in release Not affected Fixed Vulnerable Needs evaluation
samba Not affected Not affected Fixed Vulnerable Needs evaluation
Show less packages

CVE-2021-3738

Medium priority

Some fixes available 6 of 9

In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while...

1 affected packages

samba

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
samba Fixed Fixed Ignored Ignored
Show less packages