U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:samba:samba:4.19.1:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 9 matching records.
Displaying matches 1 through 9.
Vuln ID Summary CVSS Severity
CVE-2023-5568

A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.

Published: October 25, 2023; 2:17:43 PM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2018-14628

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.

Published: January 17, 2023; 1:15:10 PM -0500 		V4.0:(not available)
 V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2022-38023

Netlogon RPC Elevation of Privilege Vulnerability

Published: November 09, 2022; 5:15:16 PM -0500 		V4.0:(not available)
 V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2022-37967

Windows Kerberos Elevation of Privilege Vulnerability

Published: November 09, 2022; 5:15:14 PM -0500 		V4.0:(not available)
 V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2022-37966

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

Published: November 09, 2022; 5:15:13 PM -0500 		V4.0:(not available)
 V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2022-32743

Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.

Published: September 01, 2022; 5:15:10 PM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-1615

In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.

Published: September 01, 2022; 5:15:08 PM -0400 		V4.0:(not available)
 V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2021-3670

MaxQueryDuration not honoured in Samba AD DC LDAP

Published: August 23, 2022; 12:15:09 PM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2011-2411

Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.

Published: October 02, 2011; 4:55:00 PM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 9.0 HIGH