Samba Security Vulnerabilities (CVEs)
Track 14 security vulnerabilities affecting Samba products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability in rsync allows attackers to leak uninitialized stack memory one byte at a time by manipulating checksum length during file compari...
Jan 14, 2025

This rsync vulnerability allows a malicious server to read arbitrary files from a client's machine during file transfer operations. Attackers can reco...
Jan 14, 2025

A path traversal vulnerability in rsync's --safe-links option allows attackers to write files outside intended directories when the client fails to pr...
Jan 14, 2025

This CVE describes an infinite loop vulnerability in Samba's mdssvc RPC service for Spotlight. Attackers can send specially crafted RPC packets with a...
Jul 20, 2023

This vulnerability affects Samba Active Directory Domain Controllers that issue RC4-HMAC encrypted Kerberos tickets even when stronger encryption is a...
Mar 6, 2023

A stack-based buffer overflow vulnerability in cifs-utils versions through 6.14 allows local attackers to escalate privileges to root when parsing the...
Apr 27, 2022

CVE-2021-3738 is a use-after-free vulnerability in Samba's DCE/RPC implementation where shared database handles can reference invalid user credential ...
Mar 2, 2022

This vulnerability in Samba's DCE/RPC implementation allows attackers to bypass signature requirements by intercepting and modifying fragmented large ...
Mar 2, 2022

CVE-2020-25717 is a privilege escalation vulnerability in Samba's domain user mapping mechanism. Authenticated attackers can exploit this flaw to gain...
Feb 18, 2022

This vulnerability in Samba's Active Directory Domain Controller allows attackers to bypass Kerberos authentication by exploiting confusion about user...
Feb 18, 2022

A certificate validation flaw in rsync allows man-in-the-middle attacks when using rsync over SSL/TLS. Attackers can intercept and modify data transfe...
May 27, 2021

This vulnerability in Samba allows attackers to cause a denial-of-service by sending specially crafted domain name strings with spaces. When Samba pro...
May 12, 2021

This vulnerability in Samba's libldb allows an attacker to crash the LDAP server process by sending LDAP requests with multiple consecutive leading sp...
May 12, 2021

CVE-2020-1472 (Zerologon) is a critical authentication bypass vulnerability in Microsoft's Netlogon protocol that allows unauthenticated attackers to ...
Aug 17, 2020

Why Monitor Samba Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 14+ known vulnerabilities affecting Samba products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Samba packages in under 60 seconds. No agents required - completely agentless scanning that works across Samba deployments.
Free vulnerability database: Access detailed information about every Samba CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register a free account & add your servers
- Run a one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Samba CVEs affect your systems
- Access the dashboard with severity breakdown & fix instructions