[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-4154":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":20,"aliases":21,"duplicate_of":9,"upstream":22,"downstream":23,"duplicates":42,"related":43,"reserved_at":9,"published_at":50,"modified_at":51,"state":52,"summary":53,"references_raw":62,"kevs":90,"epss":91,"epss_history":94,"metrics":356,"affected":369},"CVE-2023-4154","A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-787","Out-of-bounds Write","The product writes data past the end, or before the beginning, of the intended buffer.","weakness","Draft","Base","High",[],[],[],[],[24,26,28,30,32,34,36,38,40],{"_key":25},"ALPINE-CVE-2023-4154",{"_key":27},"SUSE-SU-2023:4046-1",{"_key":29},"SUSE-SU-2023:4096-1",{"_key":31},"SUSE-SU-2023:4059-1",{"_key":33},"OPENSUSE-SU-2024:13332-1",{"_key":35},"DSA-5525-1",{"_key":37},"UBUNTU-CVE-2023-4154",{"_key":39},"USN-6425-1",{"_key":41},"DEBIAN-CVE-2023-4154",[],[44,45,46,48,49],{"_key":27},{"_key":29},{"_key":47},"USN-6425-3",{"_key":31},{"_key":33},"2023-11-07T19:14:28.305Z","2024-08-02T07:17:12.144Z","Modified",{"cisa_kev":54,"cisa_ransomware":54,"cisa_vendor":9,"epss_severity":55,"epss_score":56,"severity":57,"severity_score":58,"severity_version":59,"severity_source":60,"severity_vector":61,"severity_status":52},false,"low",0.00397,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",[63,71,76,81,85],{"url":64,"sources":65,"tags":67},"https://access.redhat.com/security/cve/CVE-2023-4154",[60,66],"nvd",[68,69,70],"VDB Entry","X Refsource REDHAT","Third Party Advisory",{"url":72,"sources":73,"tags":74},"https://bugzilla.redhat.com/show_bug.cgi?id=2241883",[60,66],[75,69],"Issue Tracking",{"url":77,"sources":78,"tags":79},"https://bugzilla.samba.org/show_bug.cgi?id=15424",[60,66],[75,80],"Patch",{"url":82,"sources":83,"tags":84},"https://security.netapp.com/advisory/ntap-20231124-0002/",[60,66],[],{"url":86,"sources":87,"tags":88},"https://www.samba.org/samba/security/CVE-2023-4154.html",[60,66],[89],"Vendor Advisory",[],{"date":92,"score":56,"percentile":93},"2026-06-04",0.60858,[95,99,102,105,108,111,114,116,119,122,125,128,131,133,136,140,143,146,149,152,155,158,161,164,167,170,173,176,179,182,185,188,190,193,196,199,202,205,208,211,214,217,220,223,226,229,232,235,238,241,244,247,250,253,256,258,261,264,267,270,273,276,278,280,283,285,288,291,293,296,299,302,305,308,311,314,317,320,323,325,328,331,334,337,340,343,345,347,350,353],{"date":96,"score":97,"percentile":98},"2025-11-04",0.00314,0.54024,{"date":100,"score":97,"percentile":101},"2025-11-05",0.53985,{"date":103,"score":97,"percentile":104},"2025-11-06",0.54002,{"date":106,"score":97,"percentile":107},"2025-11-07",0.54027,{"date":109,"score":97,"percentile":110},"2025-11-08",0.54029,{"date":112,"score":97,"percentile":113},"2025-11-09",0.54026,{"date":115,"score":97,"percentile":104},"2025-11-10",{"date":117,"score":97,"percentile":118},"2025-11-11",0.54015,{"date":120,"score":97,"percentile":121},"2025-11-12",0.54041,{"date":123,"score":97,"percentile":124},"2025-11-13",0.5405,{"date":126,"score":97,"percentile":127},"2025-11-14",0.54051,{"date":129,"score":97,"percentile":130},"2025-11-15",0.54045,{"date":132,"score":97,"percentile":113},"2025-11-16",{"date":134,"score":97,"percentile":135},"2025-11-17",0.54013,{"date":137,"score":138,"percentile":139},"2025-11-18",0.00809,0.72077,{"date":141,"score":138,"percentile":142},"2025-11-19",0.72085,{"date":144,"score":138,"percentile":145},"2025-11-20",0.72092,{"date":147,"score":97,"percentile":148},"2025-11-21",0.54035,{"date":150,"score":97,"percentile":151},"2025-11-22",0.54031,{"date":153,"score":97,"percentile":154},"2025-11-23",0.53994,{"date":156,"score":97,"percentile":157},"2025-11-24",0.53986,{"date":159,"score":97,"percentile":160},"2025-11-25",0.53993,{"date":162,"score":97,"percentile":163},"2025-11-26",0.53996,{"date":165,"score":97,"percentile":166},"2025-11-27",0.54,{"date":168,"score":97,"percentile":169},"2025-11-28",0.53974,{"date":171,"score":97,"percentile":172},"2025-11-29",0.53957,{"date":174,"score":97,"percentile":175},"2025-11-30",0.53949,{"date":177,"score":97,"percentile":178},"2025-12-01",0.54099,{"date":180,"score":97,"percentile":181},"2025-12-02",0.54116,{"date":183,"score":97,"percentile":184},"2025-12-03",0.54111,{"date":186,"score":97,"percentile":187},"2025-12-04",0.53955,{"date":189,"score":97,"percentile":169},"2025-12-05",{"date":191,"score":97,"percentile":192},"2025-12-06",0.53973,{"date":194,"score":97,"percentile":195},"2025-12-07",0.53964,{"date":197,"score":97,"percentile":198},"2025-12-08",0.53965,{"date":200,"score":97,"percentile":201},"2025-12-09",0.5398,{"date":203,"score":97,"percentile":204},"2025-12-10",0.54038,{"date":206,"score":97,"percentile":207},"2025-12-11",0.54061,{"date":209,"score":97,"percentile":210},"2025-12-12",0.54088,{"date":212,"score":97,"percentile":213},"2025-12-13",0.54084,{"date":215,"score":97,"percentile":216},"2025-12-14",0.54074,{"date":218,"score":97,"percentile":219},"2025-12-15",0.54065,{"date":221,"score":97,"percentile":222},"2025-12-16",0.54077,{"date":224,"score":97,"percentile":225},"2025-12-17",0.54096,{"date":227,"score":97,"percentile":228},"2025-12-18",0.54132,{"date":230,"score":97,"percentile":231},"2025-12-19",0.54134,{"date":233,"score":97,"percentile":234},"2025-12-20",0.54122,{"date":236,"score":97,"percentile":237},"2025-12-21",0.54102,{"date":239,"score":97,"percentile":240},"2025-12-22",0.5408,{"date":242,"score":97,"percentile":243},"2025-12-23",0.54081,{"date":245,"score":97,"percentile":246},"2025-12-24",0.54091,{"date":248,"score":97,"percentile":249},"2025-12-25",0.54139,{"date":251,"score":97,"percentile":252},"2025-12-26",0.54133,{"date":254,"score":97,"percentile":255},"2025-12-27",0.54186,{"date":257,"score":97,"percentile":184},"2025-12-28",{"date":259,"score":97,"percentile":260},"2025-12-29",0.54092,{"date":262,"score":97,"percentile":263},"2025-12-30",0.54086,{"date":265,"score":97,"percentile":266},"2025-12-31",0.54103,{"date":268,"score":97,"percentile":269},"2026-01-01",0.54271,{"date":271,"score":97,"percentile":272},"2026-01-02",0.54251,{"date":274,"score":97,"percentile":275},"2026-01-03",0.54244,{"date":277,"score":97,"percentile":216},"2026-01-04",{"date":279,"score":97,"percentile":207},"2026-01-05",{"date":281,"score":97,"percentile":282},"2026-01-06",0.54067,{"date":284,"score":97,"percentile":260},"2026-01-07",{"date":286,"score":97,"percentile":287},"2026-01-08",0.54114,{"date":289,"score":97,"percentile":290},"2026-01-09",0.54106,{"date":292,"score":97,"percentile":266},"2026-01-10",{"date":294,"score":97,"percentile":295},"2026-01-11",0.54083,{"date":297,"score":97,"percentile":298},"2026-01-12",0.54037,{"date":300,"score":97,"percentile":301},"2026-01-13",0.54016,{"date":303,"score":97,"percentile":304},"2026-01-14",0.5406,{"date":306,"score":97,"percentile":307},"2026-01-15",0.54062,{"date":309,"score":97,"percentile":310},"2026-01-16",0.54085,{"date":312,"score":97,"percentile":313},"2026-01-17",0.54072,{"date":315,"score":97,"percentile":316},"2026-01-18",0.54064,{"date":318,"score":97,"percentile":319},"2026-01-19",0.54055,{"date":321,"score":97,"percentile":322},"2026-01-20",0.54057,{"date":324,"score":97,"percentile":316},"2026-01-21",{"date":326,"score":97,"percentile":327},"2026-01-22",0.54069,{"date":329,"score":97,"percentile":330},"2026-01-23",0.54112,{"date":332,"score":97,"percentile":333},"2026-01-24",0.54113,{"date":335,"score":97,"percentile":336},"2026-01-25",0.54073,{"date":338,"score":97,"percentile":339},"2026-01-26",0.54059,{"date":341,"score":97,"percentile":342},"2026-01-27",0.5407,{"date":344,"score":97,"percentile":310},"2026-01-28",{"date":346,"score":97,"percentile":243},"2026-01-29",{"date":348,"score":97,"percentile":349},"2026-01-30",0.54087,{"date":351,"score":97,"percentile":352},"2026-01-31",0.54093,{"date":354,"score":97,"percentile":355},"2026-02-01",0.54234,[357,362],{"source":60,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":358,"cvss_v4_0":9},{"baseScore":58,"baseSeverity":359,"vectorString":61,"impactScore":360,"exploitabilityScore":361},"HIGH",9.8,4.1,{"source":66,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":363,"cvss_v4_0":9},{"baseScore":364,"baseSeverity":365,"vectorString":366,"impactScore":367,"exploitabilityScore":368},6.5,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",6,7.2,[370],{"ecosystem":9,"name":371,"vendor":371,"product":371,"cpe_part":372,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":373},"samba","a",[374,382,386],{"version":375,"is_range":376,"range_type":377,"version_start":378,"version_start_type":379,"version_end":380,"version_end_type":381,"fixed_in":9},"gte4.0.0_lt4.17.12",true,"cpe","4.0.0","including","4.17.12","excluding",{"version":383,"is_range":376,"range_type":377,"version_start":384,"version_start_type":379,"version_end":385,"version_end_type":381,"fixed_in":9},"gte4.18.0_lt4.18.8","4.18.0","4.18.8",{"version":387,"is_range":376,"range_type":377,"version_start":388,"version_start_type":379,"version_end":389,"version_end_type":381,"fixed_in":9},"gte4.19.0_lt4.19.1","4.19.0","4.19.1"]