📦 Samba

by Samba


⚠️ Known Vulnerabilities

CVE-2022-45141

CRITICAL CVSS 9.8 Mar 6, 2023

This vulnerability affects Samba Active Directory Domain Controllers that issue RC4-HMAC encrypted Kerberos tickets even when stronger encryption is available. Attackers can exploit this to perform pr...

CVE-2023-34966

HIGH CVSS 7.5 Jul 20, 2023

This CVE describes an infinite loop vulnerability in Samba's mdssvc RPC service for Spotlight. Attackers can send specially crafted RPC packets with a zero count value, causing the service to consume ...

CVE-2021-3738

HIGH CVSS 8.8 Mar 2, 2022

CVE-2021-3738 is a use-after-free vulnerability in Samba's DCE/RPC implementation where shared database handles can reference invalid user credential state after connection termination. This could lea...

CVE-2021-23192

HIGH CVSS 7.5 Mar 2, 2022

This vulnerability in Samba's DCE/RPC implementation allows attackers to bypass signature requirements by intercepting and modifying fragmented large requests. Attackers can inject malicious data into...

CVE-2020-25717

HIGH CVSS 8.1 Feb 18, 2022

CVE-2020-25717 is a privilege escalation vulnerability in Samba's domain user mapping mechanism. Authenticated attackers can exploit this flaw to gain elevated privileges on Samba servers. This affect...

CVE-2020-25719

HIGH CVSS 7.2 Feb 18, 2022

This vulnerability in Samba's Active Directory Domain Controller allows attackers to bypass Kerberos authentication by exploiting confusion about user identity when Kerberos PAC (Privilege Attribute C...

CVE-2020-27840

HIGH CVSS 7.5 May 12, 2021

This vulnerability in Samba allows attackers to cause a denial-of-service by sending specially crafted domain name strings with spaces. When Samba processes these malformed DN strings, it writes a zer...

CVE-2021-20277

HIGH CVSS 7.5 May 12, 2021

This vulnerability in Samba's libldb allows an attacker to crash the LDAP server process by sending LDAP requests with multiple consecutive leading spaces in attributes. This is an out-of-bounds write...

CVE-2020-1472

MEDIUM CVSS 5.5 Aug 17, 2020

CVE-2020-1472 (Zerologon) is a critical authentication bypass vulnerability in Microsoft's Netlogon protocol that allows unauthenticated attackers to gain domain administrator privileges. It affects W...