| Max CVSS | 6.8 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-1722 | 5.4 |
A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unr
|
12-02-2023 - 23:40 | 27-04-2020 - 21:15 | |
| CVE-2016-5404 | 4.0 |
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
|
12-02-2023 - 23:24 | 07-09-2016 - 20:59 | |
| CVE-2016-2118 | 6.8 |
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersona
|
29-08-2022 - 20:20 | 12-04-2016 - 23:59 | |
| CVE-2019-14867 | 6.8 |
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data.
|
05-02-2020 - 00:15 | 27-11-2019 - 09:15 | |
| CVE-2017-2590 | 5.5 |
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable,
|
09-10-2019 - 23:26 | 27-07-2018 - 18:29 | |
| CVE-2016-9575 | 6.5 |
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify p
|
09-10-2019 - 23:20 | 13-03-2018 - 13:29 |