Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
freeipa freeipa vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2015-5284
ipa-kra-install in FreeIPA prior to 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
Freeipa Freeipa
8.8
CVSSv3
CVE-2022-4254
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
Fedoraproject Sssd
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux For Power Little Endian 7.0
Redhat Enterprise Linux For Power Big Endian 7.0
Redhat Enterprise Linux For Ibm Z Systems 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.1
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.1
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.2
8.8
CVSSv3
CVE-2021-3621
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an malicious user to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root ...
Fedoraproject Sssd 2.6.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Virtualization Host 4.0
Redhat Virtualization 4.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Fedoraproject Fedora 34
8.8
CVSSv3
CVE-2019-14867
A flaw was found in IPA, all 4.6.x versions prior to 4.6.7, all 4.7.x versions prior to 4.7.4 and all 4.8.x versions prior to 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated atta...
Freeipa Freeipa
Fedoraproject Fedora 30
Fedoraproject Fedora 31
1 Github repository
8.8
CVSSv3
CVE-2012-5631
ipa 3.0 does not properly check server identity before sending credential containing cookies
Freeipa Freeipa 3.0.0
8.8
CVSSv3
CVE-2019-10138
A flaw exists in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
Python Novajoin
8.8
CVSSv3
CVE-2017-11191
FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exi...
Freeipa Freeipa 4.0.5
Freeipa Freeipa 4.1.1
Freeipa Freeipa 4.0.2
Freeipa Freeipa 4.6.0
Freeipa Freeipa 4.4.0
Freeipa Freeipa 4.0.0
Freeipa Freeipa 4.0.3
Freeipa Freeipa 4.1.0
Freeipa Freeipa 4.0.1
Freeipa Freeipa 4.0.4
Freeipa Freeipa 4.6.1
Freeipa Freeipa 4.5.0
Freeipa Freeipa 4.5.1
Freeipa Freeipa 4.5.2
Freeipa Freeipa 4.5.3
Freeipa Freeipa 4.4.1
Freeipa Freeipa 4.4.2
Freeipa Freeipa 4.4.3
Freeipa Freeipa 4.4.4
Freeipa Freeipa 4.3.3
Freeipa Freeipa 4.3.0
Freeipa Freeipa 4.3.1
7.5
CVSSv3
CVE-2017-12169
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security i...
Freeipa Freeipa
7.5
CVSSv3
CVE-2015-5179
FreeIPA might display user data improperly via vectors involving non-printable characters.
Freeipa Freeipa
6.5
CVSSv3
CVE-2023-5455
A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an malicious user to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and syst...
Freeipa Freeipa
Freeipa Freeipa 4.11.0
Fedoraproject Fedora 38
Fedoraproject Fedora 39
Fedoraproject Fedora 40
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux For Scientific Computing 7.0
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux For Power Little Endian 7.0
Redhat Enterprise Linux For Power Big Endian 7.0
Redhat Enterprise Linux For Ibm Z Systems 7.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.2
Redhat Enterprise Linux For Power Little Endian 8.0
Redhat Enterprise Linux For Ibm Z Systems 8.0
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.2
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions 8.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »