- How many CVEs does Samba have?
- Samba has 253 published CVE records since 1999, including 22 in the last two years.
- How many Samba CVEs are in CISA KEV?
- Yes — 2 of Samba's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.
- Which Samba products have the most CVEs?
- The Samba products with the most published CVEs are samba, rsync, cifs-utils, ppp, Samba mdssvc RPC service.
- What are the most common weakness types in Samba CVEs?
- Samba's CVEs most often map to these CWE weakness types: CWE-125 (Out-of-bounds Read), CWE-20 (Improper Input Validation), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-476 (NULL Pointer Dereference).
- Are there public exploits for Samba vulnerabilities?
- Yes — 35 of Samba's CVEs have a known public exploit.
- How many critical Samba vulnerabilities are there?
- Samba has 34 critical and 84 high-severity CVEs.
- What is the average severity of Samba CVEs?
- The average CVSS base score across Samba's scored CVEs is 6.7.