Vulmon
sssd vulnerabilities and exploits
CVSSv2: 4.9
CVE-2013-0287
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 up to and including 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restriction...
Fedoraproject Sssd 1.9.4
Fedoraproject Sssd 1.9.0
Fedoraproject Sssd 1.9.1
Fedoraproject Sssd 1.9.2
Fedoraproject Sssd 1.9.3
CVSSv2: 3.7
CVE-2013-0219
System Security Services Daemon (SSSD) prior to 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files.
Fedoraproject Sssd 0.5.0
Fedoraproject Sssd 1.8.0
Fedoraproject Sssd 1.5.8
Fedoraproject Sssd 1.7.0
Fedoraproject Sssd 0.3.1
Fedoraproject Sssd 1.2.3
Fedoraproject Sssd 1.9.1
Fedoraproject Sssd 1.5.2
Fedoraproject Sssd 1.0.4
Fedoraproject Sssd 1.6.4
Fedoraproject Sssd 1.8.2
Fedoraproject Sssd 1.5.13
Fedoraproject Sssd 0.7.1
Fedoraproject Sssd 1.4.0
Fedoraproject Sssd 1.2.2
Fedoraproject Sssd 1.1.92
Fedoraproject Sssd 1.2.4
Fedoraproject Sssd 1.9.2
Fedoraproject Sssd 1.8.5
Fedoraproject Sssd 1.5.0
Fedoraproject Sssd 1.5.5
Fedoraproject Sssd 1.8.6
CVSSv2: 5
CVE-2013-0220
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) prior to 1.9.4 allow remote malicious users...
Fedoraproject Sssd 0.5.0
Fedoraproject Sssd 1.8.0
Fedoraproject Sssd 1.5.8
Fedoraproject Sssd 1.7.0
Fedoraproject Sssd 0.3.1
Fedoraproject Sssd 1.2.3
Fedoraproject Sssd 1.9.1
Fedoraproject Sssd 1.5.2
Fedoraproject Sssd 1.0.4
Fedoraproject Sssd 1.6.4
Fedoraproject Sssd 1.8.2
Fedoraproject Sssd 1.5.13
Fedoraproject Sssd 0.7.1
Fedoraproject Sssd 1.4.0
Fedoraproject Sssd 1.2.2
Fedoraproject Sssd 1.1.92
Fedoraproject Sssd 1.2.4
Fedoraproject Sssd 1.9.2
Fedoraproject Sssd 1.8.5
Fedoraproject Sssd 1.5.0
Fedoraproject Sssd 1.5.5
Fedoraproject Sssd 1.8.6
CVSSv2: 3.7
CVE-2011-1758
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x prior to 1.5.7, when automatic ticket renewal and offline authentication are configured, uses a pathname string as a password, which allows local users to bypass Kerbe...
Fedoraproject Sssd 1.5.2
Fedoraproject Sssd 1.5.0
Fedoraproject Sssd 1.5.5
Fedoraproject Sssd 1.5.6.1
Fedoraproject Sssd 1.5.3
Fedoraproject Sssd 1.5.1
Fedoraproject Sssd 1.5.6
Fedoraproject Sssd 1.5.4
CVSSv2: 2.1
CVE-2010-4341
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.
Fedorahosted Sssd 1.4.0
Fedorahosted Sssd 1.4.1
Fedoraproject Sssd 1.3.0
Fedoraproject Sssd 1.5.0
CVSSv2: 5.1
CVE-2010-2940
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled, allows remote malicious users to bypass the authentication requirements of pam_authenticate via an empty password.
Fedoraproject Sssd 1.3.0
CVSSv2: 3.7
CVE-2010-0014
System Security Services Daemon (SSSD) prior to 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate malicious users to authenticate, via an arbitrary password, to the screen-locking program on a workstation that has any user...
Fedoraproject Sssd
Fedoraproject Sssd 0.6.1
Fedoraproject Sssd 0.5.0
Fedoraproject Sssd 0.99.1
Fedoraproject Sssd 0.99.0
Fedoraproject Sssd 0.7.1
Fedoraproject Sssd 0.7.0
Fedoraproject Sssd 0.3.3
Fedoraproject Sssd 0.3.2
Fedoraproject Sssd 0.3.0
Fedoraproject Sssd 0.2.1
Fedoraproject Sssd 0.3.1
Fedoraproject Sssd 0.4.1
Fedoraproject Sssd 0.6.0
Fedoraproject Sssd 0.4.0
CVSSv2: 7.5
CVE-2009-2410
The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent malicious users to obtain access by sending the account's username, in conjun...
Fedorahosted Sssd 0.4.1