freeipa freeipa vulnerabilities and exploits
6.5
CVSSv2
CVE-2019-10138
A flaw exists in the python-novajoin plugin, all versions up to, excluding 1.1.1, for Red Hat OpenStack Platform. The novajoin API lacked sufficient access control, allowing any keystone authenticated user to generate FreeIPA tokens.
Python Novajoin
4
CVSSv2
CVE-2017-12169
It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security i...
Freeipa Freeipa
6.5
CVSSv2
CVE-2017-11191
FreeIPA 4.x with API version 2.213 allows remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor states that issue does not exi...
Freeipa Freeipa 4.0.5
Freeipa Freeipa 4.1.1
Freeipa Freeipa 4.0.2
Freeipa Freeipa 4.6.0
Freeipa Freeipa 4.4.0
Freeipa Freeipa 4.0.0
Freeipa Freeipa 4.0.3
Freeipa Freeipa 4.1.0
Freeipa Freeipa 4.0.1
Freeipa Freeipa 4.0.4
Freeipa Freeipa 4.6.1
Freeipa Freeipa 4.5.0
Freeipa Freeipa 4.5.1
Freeipa Freeipa 4.5.2
Freeipa Freeipa 4.5.3
Freeipa Freeipa 4.4.1
Freeipa Freeipa 4.4.2
Freeipa Freeipa 4.4.3
Freeipa Freeipa 4.4.4
Freeipa Freeipa 4.3.3
Freeipa Freeipa 4.3.0
Freeipa Freeipa 4.3.1
5
CVSSv2
CVE-2015-5284
ipa-kra-install in FreeIPA prior to 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable.
Freeipa Freeipa
5
CVSSv2
CVE-2015-5179
FreeIPA might display user data improperly via vectors involving non-printable characters.
Freeipa Freeipa
5
CVSSv2
CVE-2015-1827
The get_user_grouplist function in the extdom plug-in in FreeIPA prior to 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote malicious users to cause a denial of service (crash) via a group list request for a user that belongs to a large ...
Freeipa Freeipa
Fedoraproject Fedora 22
Fedoraproject Fedora 21
4.3
CVSSv2
CVE-2014-7850
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x prior to 4.1.2 allows remote malicious users to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.
Freeipa Freeipa 4.0.3
Freeipa Freeipa 4.0.2
Freeipa Freeipa 4.0.1
Freeipa Freeipa 4.0.0
Freeipa Freeipa 4.1.0
Freeipa Freeipa 4.0.4
Freeipa Freeipa 4.1.1
Freeipa Freeipa 4.0.5
3.5
CVSSv2
CVE-2014-7828
FreeIPA 4.0.x prior to 4.0.5 and 4.1.x prior to 4.1.1, when 2FA is enabled, allows remote malicious users to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.
Freeipa Freeipa 4.0.0
Freeipa Freeipa 4.0.1
Freeipa Freeipa 4.0.2
Freeipa Freeipa 4.0.3
Freeipa Freeipa 4.0.4
Freeipa Freeipa 4.1.1
5
CVSSv2
CVE-2013-0336
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA prior to 3.2.0 allows remote malicious users to cause a denial of service (crash) via a connection request without a username/dn, related to the 389 d...
Redhat Freeipa 3.1.4
Redhat Freeipa
Redhat Freeipa 3.1.2
Redhat Freeipa 3.1.3
Redhat Freeipa 3.0.0
Redhat Freeipa 3.0.1
Redhat Freeipa 3.0.2
Redhat Freeipa 3.1.1
5
CVSSv2
CVE-2013-0199
The default LDAP ACIs in FreeIPA 3.0 prior to 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote malicious users to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
Redhat Freeipa 3.0.0
Redhat Freeipa 3.0.1
Redhat Freeipa 3.0.2
Redhat Freeipa 3.1.1