Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix. CVE-2022-2031 Luke Howard reported that Samba AD users can bypass certain restrictions associated with changing passwords. A user who has been requested to change their password can exploit this to obtain and use tickets to other services. CVE-2022-32742 Luca Moro reported that a SMB1 client with write access to a share can cause server memory content to be leaked. CVE-2022-32744 Joseph Sutton reported that Samba AD users can forge password change requests for any user, resulting in privilege escalation. CVE-2022-32745 Joseph Sutton reported that Samba AD users can crash the server process with a specially crafted LDAP add or modify request. CVE-2022-32746 Joseph Sutton and Andrew Bartlett reported that Samba AD users can cause a use-after-free in the server process with a specially crafted LDAP add or modify request.