Skip to main content

Sssd

9 CVEs product

Monthly

CVE-2021-3621 HIGH PATCH This Week

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Sssd Virtualization Virtualization Host Enterprise Linux +4
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2019-3811 MEDIUM PATCH This Month

A vulnerability was found in sssd. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sssd Debian Linux Fedora Leap +1
NVD
CVSS 3.1
5.2
EPSS
0.7%
CVE-2018-16883 MEDIUM This Month

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sssd
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-10852 HIGH This Week

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Sssd Enterprise Linux Desktop Enterprise Linux Server +1
NVD
CVSS 3.0
7.5
EPSS
1.5%
CVE-2015-5292 MEDIUM This Month

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Sssd
NVD
CVSS 2.0
6.8
EPSS
2.7%
CVE-2014-0249 LOW Monitor

The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Sssd Enterprise Linux
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2013-0287 MEDIUM PATCH This Month

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Sssd
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2013-0220 MEDIUM This Month

The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sssd
NVD
CVSS 2.0
5.0
EPSS
1.9%
CVE-2013-0219 LOW Monitor

System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a. Rated low severity (CVSS 3.7). No vendor patch available.

Privilege Escalation Sssd Enterprise Linux
NVD
CVSS 2.0
3.7
EPSS
0.1%
EPSS 3% CVSS 8.8
HIGH PATCH This Week

A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Sssd Virtualization +6
NVD
EPSS 1% CVSS 5.2
MEDIUM PATCH This Month

A vulnerability was found in sssd. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Sssd Debian Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sssd
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Debian Linux Sssd +3
NVD
EPSS 3% CVSS 6.8
MEDIUM This Month

Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Sssd
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access. Rated low severity (CVSS 3.3). No vendor patch available.

Privilege Escalation Sssd Enterprise Linux
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable.

Privilege Escalation Sssd
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request function in responder/ssh/sshsrv_cmd.c in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Sssd
NVD
EPSS 0% CVSS 3.7
LOW Monitor

System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a. Rated low severity (CVSS 3.7). No vendor patch available.

Privilege Escalation Sssd Enterprise Linux
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy