Max CVSS | 6.8 | Min CVSS | 2.7 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2019-3811 | 2.7 |
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem ac
|
29-05-2023 - 17:15 | 15-01-2019 - 15:29 | |
CVE-2018-16838 | 5.5 |
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
|
29-05-2023 - 17:15 | 25-03-2019 - 18:29 | |
CVE-2013-0220 | 5.0 |
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in System Security Services Daemon (SSSD) before 1.9.4
|
13-02-2023 - 04:38 | 24-02-2013 - 19:55 | |
CVE-2015-5292 | 6.8 |
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a larg
|
13-02-2023 - 00:53 | 29-10-2015 - 16:59 | |
CVE-2018-10852 | 5.0 |
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available fo
|
09-10-2019 - 23:33 | 26-06-2018 - 14:29 | |
CVE-2017-12173 | 4.0 |
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a gi
|
09-10-2019 - 23:22 | 27-07-2018 - 16:29 | |
CVE-2014-0249 | 3.3 |
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.
|
22-04-2019 - 17:48 | 11-06-2014 - 14:55 | |
CVE-2013-0287 | 4.9 |
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended
|
15-05-2013 - 03:34 | 21-03-2013 - 16:55 |