39 matches found
EUVD-2026-25871
authd: Primary group ID is incorrectly set to value of UID...
Astra Linux - уязвимость в sssd
A race condition flaw was identified in sssd, where the GPO policy is not consistently applied to authenticated users. This could lead to improper authorization issues, granting or denying access to resources inappropriately...
Ubuntu 26.04 LTS : authd vulnerability (USN-8212-1)
The remote Ubuntu 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8212-1 advisory. It was discovered that authd incorrectly assigned the primary group ID to users under certain conditions. A local attacker could possibly use this issue to achiev...
USN-8212-1: authd vulnerability
It was discovered that authd incorrectly assigned the primary group ID to users under certain conditions. A local attacker could possibly use this issue to achieve privilege escalation, or gain unauthorized access to files belonging to other users...
USN-8212-1 authd vulnerability
It was discovered that authd incorrectly assigned the primary group ID to users under certain conditions. A local attacker could possibly use this issue to achieve privilege escalation, or gain unauthorized access to files belonging to other users...
CVE-2023-7340
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the...
CVE-2026-32984
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low impact on the availability of...
EUVD-2026-16688
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the...
EUVD-2025-209102
Wazuh Manager authd service in wazuh-manager packages through version 4.7.3 contains an improper restriction of client-initiated SSL/TLS renegotiation vulnerability that allows remote attackers to cause a denial of service by sending excessive renegotiation requests. Attackers can exploit the lac...
EUVD-2023-60542
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the...
CVE-2026-32984
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low impact on the availability of...
CVE-2023-7340
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the...
CVE-2023-7340
CVE-2023-7340: Wazuh authd is affected by a heap-buffer overflow that can cause memory corruption and malformed heap data when fed specially crafted input, leading to a denial of service with low availability impact. The available documents consistently describe the vulnerability in Wazuh authd b...
CVE-2026-32983
The CVE-2026-32983 entry concerns Wazuh Manager’s authd service in wazuh-manager packages up to version 4.7.3. The vulnerability arises from an improper restriction on client-initiated SSL/TLS renegotiation, allowing remote attackers to induce a denial of service by sending excessive renegotiatio...
CVE-2026-32984 Heap buffer overflow in wazuh-authd
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low impact on the availability of...
CVE-2026-32984
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low impact on the availability of...
CVE-2026-32984
CVE-2026-32984 describes a heap-buffer overflow in wazuh-authd. Attackers can supply specially crafted input to cause memory corruption and malformed heap data, enabling a denial-of-service condition with low availability impact to the authentication daemon. The available connected sources confir...
PT-2026-28267
Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulnerability to trigger a denial of service condition, resulting in low availability impact to the...
MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery
A buffer overflow vulnerability was discovered in the MUNGE authentication daemon munged. In affected versions, a local attacker can potentially leak secret cryptographic key material from the daemon's memory by sending a specially crafted message with an oversized address field. With the leaked...
MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery
A buffer overflow vulnerability was discovered in the MUNGE authentication daemon munged. In affected versions, a local attacker can potentially leak secret cryptographic key material from the daemon's memory by sending a specially crafted message with an oversized address field. With the leaked...