Max CVSS | 7.9 | Min CVSS | 4.0 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2011-3636 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in the management interface in FreeIPA before 2.1.4 allows remote attackers to hijack the authentication of administrators for requests that make configuration changes.
|
13-02-2023 - 01:21 | 08-12-2011 - 11:55 | |
CVE-2016-5404 | 4.0 |
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission.
|
12-02-2023 - 23:24 | 07-09-2016 - 20:59 | |
CVE-2015-1827 | 5.0 |
The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of service (crash) via a group list request for a user th
|
12-02-2023 - 23:15 | 30-03-2015 - 14:59 | |
CVE-2016-2118 | 6.8 |
The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersona
|
29-08-2022 - 20:20 | 12-04-2016 - 23:59 | |
CVE-2017-2590 | 5.5 |
A vulnerability was found in ipa before 4.4. IdM's ca-del, ca-disable, and ca-enable commands did not properly check the user's permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable,
|
09-10-2019 - 23:26 | 27-07-2018 - 18:29 | |
CVE-2016-9575 | 6.5 |
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify p
|
09-10-2019 - 23:20 | 13-03-2018 - 13:29 | |
CVE-2012-4546 | 4.3 |
The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation L
|
22-04-2019 - 17:48 | 03-04-2013 - 00:55 | |
CVE-2012-6662 | 4.3 |
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not prope
|
14-07-2018 - 01:29 | 24-11-2014 - 16:59 | |
CVE-2012-5484 | 7.9 |
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate.
|
07-02-2013 - 05:01 | 27-01-2013 - 18:55 |