[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2017-7494":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":62,"aliases":103,"duplicate_of":9,"upstream":104,"downstream":105,"duplicates":140,"related":141,"reserved_at":9,"published_at":148,"modified_at":149,"state":150,"summary":151,"references_raw":160,"kevs":245,"epss":255,"epss_history":258,"metrics":455,"affected":464},"CVE-2017-7494","Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-94","Improper Control of Generation of Code ('Code Injection')","The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.","weakness","Draft","Base","Medium",[20,24,58],{"id":21,"name":22,"techniques":23},"CAPEC-242","Code Injection",[],{"id":25,"name":26,"techniques":27},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[28,39,46],{"id":29,"name":30,"tactics":31,"countermeasures":38},"T1027.006","HTML Smuggling",[32,35],{"id":33,"name":34},"TA0030","Defense Evasion",{"id":36,"name":37},"TA0005","Stealth",[],{"id":40,"name":41,"tactics":42,"countermeasures":45},"T1027.009","Embedded Payloads",[43,44],{"id":33,"name":34},{"id":36,"name":37},[],{"id":47,"name":48,"tactics":49,"countermeasures":52},"T1564.009","Resource Forking",[50,51],{"id":33,"name":34},{"id":36,"name":37},[53],{"id":54,"name":55,"tactic":56},"D3-FFV","File Format Verification",{"name":57},"Isolate",{"id":59,"name":60,"techniques":61},"CAPEC-77","Manipulating User-Controlled Variables",[],[63,77,85],{"_key":64,"name":65,"source":66,"url":67,"maturity":68,"reliability_score":69,"verified":70,"type":71,"platforms":72,"requires_auth":9,"exploitdb":74,"metasploit":9},"42060","Samba 3.5.0 - Remote Code Execution","exploit-database","https://www.exploit-db.com/exploits/42060","weaponized",0.8,true,"remote",[73],"linux",{"verified":70,"type":71,"platform":73,"file":75,"codes":76},"exploits/linux/remote/42060.py",[7],{"_key":78,"name":79,"source":66,"url":80,"maturity":68,"reliability_score":69,"verified":70,"type":71,"platforms":81,"requires_auth":9,"exploitdb":82,"metasploit":9},"42084","Samba 3.5.0 \u003C 4.4.14/4.5.10/4.6.4 - 'is_known_pipename()' Arbitrary Module Load (Metasploit)","https://www.exploit-db.com/exploits/42084",[73],{"verified":70,"type":71,"platform":73,"file":83,"codes":84},"exploits/linux/remote/42084.rb",[7],{"_key":86,"name":87,"source":88,"url":89,"maturity":68,"reliability_score":90,"verified":70,"type":71,"platforms":91,"requires_auth":70,"exploitdb":9,"metasploit":92},"MSF_EXPLOIT_LINUX_SAMBA_IS_KNOWN_PIPENAME","Samba is_known_pipename() Arbitrary Module Load","metasploit","https://github.com/rapid7/metasploit-framework/blob/master/modules/exploit/linux/samba/is_known_pipename.rb",1,[],{"fullname":93,"rank":94,"rank_name":95,"post_auth":70,"check":70,"notes":96},"exploit/linux/samba/is_known_pipename",600,"excellent",{"Stability":97,"SideEffects":99,"Reliability":101},[98],"crash-safe",[100],"ioc-in-logs",[102],"repeatable-session",[],[],[106,108,110,112,114,116,118,120,122,124,126,128,130,132,134,136,138],{"_key":107},"ALPINE-CVE-2017-7494",{"_key":109},"RHSA-2017:1270",{"_key":111},"RHSA-2017:1271",{"_key":113},"RHSA-2017:1272",{"_key":115},"RHSA-2017:1273",{"_key":117},"RHSA-2017:1390",{"_key":119},"SUSE-SU-2017:1391-1",{"_key":121},"SUSE-SU-2017:1392-1",{"_key":123},"SUSE-SU-2017:1393-1",{"_key":125},"SUSE-SU-2017:1396-1",{"_key":127},"OPENSUSE-SU-2024:11365-1",{"_key":129},"DLA-951-1",{"_key":131},"DSA-3860-1",{"_key":133},"MGASA-2017-0145",{"_key":135},"UBUNTU-CVE-2017-7494",{"_key":137},"USN-3296-1",{"_key":139},"DEBIAN-CVE-2017-7494",[],[142,143,144,145,146,147],{"_key":119},{"_key":121},{"_key":123},{"_key":125},{"_key":127},{"_key":133},"2017-05-30T18:00:00.000Z","2025-10-21T23:55:40.089Z","Analyzed",{"cisa_kev":70,"cisa_ransomware":70,"cisa_vendor":152,"epss_severity":153,"epss_score":154,"severity":155,"severity_score":156,"severity_version":157,"severity_source":158,"severity_vector":159,"severity_status":150},"Samba","critical",0.94176,"high",10,"v2.0","nvd","AV:N/AC:L/Au:N/C:C/I:C/A:C",[161,169,175,181,186,192,197,201,206,210,214,219,223,227,231,235,239],{"url":162,"sources":163,"tags":165},"http://www.securityfocus.com/bid/98636",[164,158],"cve.org",[166,167,168],"VDB Entry","X Refsource BID","Third Party Advisory",{"url":170,"sources":171,"tags":172},"http://www.debian.org/security/2017/dsa-3860",[164,158],[173,174,168],"Vendor Advisory","X Refsource DEBIAN",{"url":176,"sources":177,"tags":178},"https://www.exploit-db.com/exploits/42084/",[164,158],[179,180,168,166],"Exploit","X Refsource EXPLOIT DB",{"url":182,"sources":183,"tags":184},"https://access.redhat.com/errata/RHSA-2017:1270",[164,158],[173,185,168],"X Refsource REDHAT",{"url":187,"sources":188,"tags":189},"https://www.samba.org/samba/security/CVE-2017-7494.html",[164,158],[190,191,173],"X Refsource CONFIRM","Patch",{"url":193,"sources":194,"tags":195},"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-095-01+Security+Notification+Umotion+V1.1.pdf&p_Doc_Ref=SEVD-2018-095-01",[164,158],[196,168],"X Refsource MISC",{"url":198,"sources":199,"tags":200},"https://access.redhat.com/errata/RHSA-2017:1390",[164,158],[173,185,168],{"url":202,"sources":203,"tags":204},"http://www.securitytracker.com/id/1038552",[164,158],[166,205,168],"X Refsource SECTRACK",{"url":207,"sources":208,"tags":209},"https://access.redhat.com/errata/RHSA-2017:1273",[164,158],[173,185,168],{"url":211,"sources":212,"tags":213},"https://access.redhat.com/errata/RHSA-2017:1271",[164,158],[173,185,168],{"url":215,"sources":216,"tags":217},"https://security.gentoo.org/glsa/201805-07",[164,158],[173,218,168],"X Refsource GENTOO",{"url":220,"sources":221,"tags":222},"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03759en_us",[164,158],[190,168],{"url":224,"sources":225,"tags":226},"https://access.redhat.com/errata/RHSA-2017:1272",[164,158],[173,185,168],{"url":228,"sources":229,"tags":230},"https://security.netapp.com/advisory/ntap-20170524-0001/",[164,158],[190,168],{"url":232,"sources":233,"tags":234},"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03755en_us",[164,158],[190,168],{"url":236,"sources":237,"tags":238},"https://www.exploit-db.com/exploits/42060/",[164,158],[179,180,168,166],{"url":240,"sources":241,"tags":242},"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-7494",[164,158],[243,244],"Government Resource","US Government Resource",[246],{"source":247,"vendor":152,"product":152,"date_added":248,"vulnerability_name":249,"short_description":250,"required_action":251,"due_date":252,"known_ransomware_campaign_use":253,"notes":254,"exploitation_type":9},"cisa","2023-03-30","Samba Remote Code Execution Vulnerability","Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.","Apply updates per vendor instructions.","2023-04-20","Known","https://www.samba.org/samba/security/CVE-2017-7494.html; https://nvd.nist.gov/vuln/detail/CVE-2017-7494",{"date":256,"score":154,"percentile":257},"2026-06-04",0.99922,[259,262,264,266,269,271,273,275,277,280,282,284,286,288,290,294,296,298,300,302,304,306,309,311,313,315,317,319,322,324,326,328,330,332,334,336,338,340,342,344,346,348,350,352,354,358,360,363,366,368,370,373,375,377,379,381,383,385,387,390,392,394,396,398,400,402,404,406,408,410,412,414,416,418,420,422,425,427,430,432,434,436,438,440,443,445,447,449,451,453],{"date":260,"score":261,"percentile":257},"2025-11-04",0.94243,{"date":263,"score":261,"percentile":257},"2025-11-05",{"date":265,"score":261,"percentile":257},"2025-11-06",{"date":267,"score":261,"percentile":268},"2025-11-07",0.99921,{"date":270,"score":261,"percentile":257},"2025-11-08",{"date":272,"score":261,"percentile":257},"2025-11-09",{"date":274,"score":261,"percentile":257},"2025-11-10",{"date":276,"score":261,"percentile":257},"2025-11-11",{"date":278,"score":261,"percentile":279},"2025-11-12",0.99923,{"date":281,"score":261,"percentile":279},"2025-11-13",{"date":283,"score":261,"percentile":279},"2025-11-14",{"date":285,"score":261,"percentile":279},"2025-11-15",{"date":287,"score":261,"percentile":279},"2025-11-16",{"date":289,"score":261,"percentile":279},"2025-11-17",{"date":291,"score":292,"percentile":293},"2025-11-18",0.93629,0.99889,{"date":295,"score":292,"percentile":293},"2025-11-19",{"date":297,"score":292,"percentile":293},"2025-11-20",{"date":299,"score":261,"percentile":279},"2025-11-21",{"date":301,"score":261,"percentile":279},"2025-11-22",{"date":303,"score":261,"percentile":279},"2025-11-23",{"date":305,"score":261,"percentile":279},"2025-11-24",{"date":307,"score":261,"percentile":308},"2025-11-25",0.99924,{"date":310,"score":261,"percentile":308},"2025-11-26",{"date":312,"score":261,"percentile":308},"2025-11-27",{"date":314,"score":261,"percentile":308},"2025-11-28",{"date":316,"score":261,"percentile":308},"2025-11-29",{"date":318,"score":261,"percentile":279},"2025-11-30",{"date":320,"score":261,"percentile":321},"2025-12-01",0.99925,{"date":323,"score":261,"percentile":308},"2025-12-02",{"date":325,"score":261,"percentile":308},"2025-12-03",{"date":327,"score":261,"percentile":279},"2025-12-04",{"date":329,"score":261,"percentile":279},"2025-12-05",{"date":331,"score":261,"percentile":279},"2025-12-06",{"date":333,"score":261,"percentile":279},"2025-12-07",{"date":335,"score":261,"percentile":279},"2025-12-08",{"date":337,"score":261,"percentile":279},"2025-12-09",{"date":339,"score":261,"percentile":279},"2025-12-10",{"date":341,"score":261,"percentile":279},"2025-12-11",{"date":343,"score":261,"percentile":257},"2025-12-12",{"date":345,"score":261,"percentile":257},"2025-12-13",{"date":347,"score":261,"percentile":257},"2025-12-14",{"date":349,"score":261,"percentile":257},"2025-12-15",{"date":351,"score":261,"percentile":257},"2025-12-16",{"date":353,"score":261,"percentile":257},"2025-12-17",{"date":355,"score":356,"percentile":357},"2025-12-18",0.94211,0.99916,{"date":359,"score":356,"percentile":357},"2025-12-19",{"date":361,"score":356,"percentile":362},"2025-12-20",0.99917,{"date":364,"score":154,"percentile":365},"2025-12-21",0.99913,{"date":367,"score":154,"percentile":365},"2025-12-22",{"date":369,"score":154,"percentile":365},"2025-12-23",{"date":371,"score":154,"percentile":372},"2025-12-24",0.99912,{"date":374,"score":154,"percentile":372},"2025-12-25",{"date":376,"score":154,"percentile":372},"2025-12-26",{"date":378,"score":154,"percentile":365},"2025-12-27",{"date":380,"score":154,"percentile":372},"2025-12-28",{"date":382,"score":154,"percentile":372},"2025-12-29",{"date":384,"score":154,"percentile":372},"2025-12-30",{"date":386,"score":154,"percentile":372},"2025-12-31",{"date":388,"score":154,"percentile":389},"2026-01-01",0.99914,{"date":391,"score":154,"percentile":389},"2026-01-02",{"date":393,"score":154,"percentile":389},"2026-01-03",{"date":395,"score":154,"percentile":372},"2026-01-04",{"date":397,"score":154,"percentile":372},"2026-01-05",{"date":399,"score":154,"percentile":372},"2026-01-06",{"date":401,"score":154,"percentile":372},"2026-01-07",{"date":403,"score":154,"percentile":372},"2026-01-08",{"date":405,"score":154,"percentile":372},"2026-01-09",{"date":407,"score":154,"percentile":372},"2026-01-10",{"date":409,"score":154,"percentile":365},"2026-01-11",{"date":411,"score":154,"percentile":365},"2026-01-12",{"date":413,"score":154,"percentile":365},"2026-01-13",{"date":415,"score":154,"percentile":365},"2026-01-14",{"date":417,"score":154,"percentile":365},"2026-01-15",{"date":419,"score":154,"percentile":372},"2026-01-16",{"date":421,"score":154,"percentile":372},"2026-01-17",{"date":423,"score":154,"percentile":424},"2026-01-18",0.99911,{"date":426,"score":154,"percentile":424},"2026-01-19",{"date":428,"score":356,"percentile":429},"2026-01-20",0.99915,{"date":431,"score":356,"percentile":357},"2026-01-21",{"date":433,"score":356,"percentile":357},"2026-01-22",{"date":435,"score":356,"percentile":357},"2026-01-23",{"date":437,"score":356,"percentile":357},"2026-01-24",{"date":439,"score":154,"percentile":372},"2026-01-25",{"date":441,"score":442,"percentile":279},"2026-01-26",0.94245,{"date":444,"score":442,"percentile":279},"2026-01-27",{"date":446,"score":442,"percentile":279},"2026-01-28",{"date":448,"score":442,"percentile":279},"2026-01-29",{"date":450,"score":442,"percentile":308},"2026-01-30",{"date":452,"score":154,"percentile":365},"2026-01-31",{"date":454,"score":154,"percentile":429},"2026-02-01",[456,461],{"source":164,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":457,"cvss_v4_0":9},{"baseScore":458,"baseSeverity":459,"vectorString":460,"impactScore":458,"exploitabilityScore":156},9.8,"CRITICAL","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",{"source":158,"cvss_v2_0":462,"cvss_v3_0":9,"cvss_v3_1":463,"cvss_v4_0":9},{"baseScore":156,"baseSeverity":9,"vectorString":159,"impactScore":156,"exploitabilityScore":156},{"baseScore":458,"baseSeverity":459,"vectorString":460,"impactScore":458,"exploitabilityScore":156},[465,475],{"ecosystem":9,"name":466,"vendor":467,"product":468,"cpe_part":469,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":470},"debian linux","debian","debian_linux","o",[471],{"version":472,"is_range":473,"range_type":474,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",false,"cpe",{"ecosystem":9,"name":476,"vendor":476,"product":476,"cpe_part":477,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":478},"samba","a",[479,482,487,490,494],{"version":480,"is_range":473,"range_type":164,"version_start":480,"version_start_type":481,"version_end":480,"version_end_type":481,"fixed_in":9},"since 3.5.0","including",{"version":483,"is_range":70,"range_type":474,"version_start":484,"version_start_type":481,"version_end":485,"version_end_type":486,"fixed_in":9},"gte3.5.0_lt4.4.0","3.5.0","4.4.0","excluding",{"version":488,"is_range":70,"range_type":474,"version_start":485,"version_start_type":481,"version_end":489,"version_end_type":486,"fixed_in":9},"gte4.4.0_lt4.4.14","4.4.14",{"version":491,"is_range":70,"range_type":474,"version_start":492,"version_start_type":481,"version_end":493,"version_end_type":486,"fixed_in":9},"gte4.5.0_lt4.5.10","4.5.0","4.5.10",{"version":495,"is_range":70,"range_type":474,"version_start":496,"version_start_type":481,"version_end":497,"version_end_type":486,"fixed_in":9},"gte4.6.0_lt4.6.4","4.6.0","4.6.4"]