threatengine.sh
fedoraproject sssd
19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-3758
< 2.9.5
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to
7.1
HIGH
CVE-2022-4254
>= 1.15.3 and < 2.3.1
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
8.8
HIGH
CVE-2021-3621
all versions
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire s
8.8
HIGH
CVE-2012-3462
all versions
A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignor
8.8
HIGH
CVE-2018-16838
all versions
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission
5.4
MEDIUM
CVE-2019-3811
< 2.1
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory)
5.2
MEDIUM
CVE-2018-16883
>= 1.13.0 and < 2.0.0
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configu
2.5
LOW
CVE-2017-12173
< 1.16.0
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local c
4.3
MEDIUM
CVE-2018-10852
< 1.16.3
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means th
3.8
LOW
CVE-2015-5292
all versions
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon
CVE-2014-0249
all versions
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group
CVE-2013-0287
all versions
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is us
CVE-2013-0220
<= 1.9.3
The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the
CVE-2013-0219
<= 1.9.3
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, a
CVE-2011-1758
all versions
The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, whe
CVE-2010-4341
all versions
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows loca
CVE-2010-2940
all versions
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and
CVE-2010-0014
<= 1.0.0
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows
CVE-2009-2410
all versions
The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-passwo