Lucene search
K

70 matches found

NVD
NVD
added 9 hours ago6 views

CVE-2026-14476

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS
Exploits0References2
CVE
CVE
added 10 hours ago4 views

CVE-2026-14476

CVE-2026-14476 : A path traversal flaw in SSSD’s AD GPO provider (ad_gpo_extract_smb_components()) does not sanitize .. in gPCFileSysPath, enabling an attacker with AD GPO management access to write files outside the GPO cache directory as root. In default RHEL with SELinux enforcing, this can in...

8CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 10 hours ago7 views

CVE-2026-14476 Sssd: sssd: gpo cache path traversal via unsanitized gpcfilesyspath allows kerberos authentication bypass

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS
Exploits0References2
EUVD
EUVD
added 10 hours ago5 views

EUVD-2026-42023

A path traversal flaw was found in SSSD's AD GPO provider. The adgpoextractsmbcomponents function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL...

8CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 2026/06/23 3:37 a.m.11 views

EUVD-2026-38414

A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI Generic Security Service Application Programming Interface indicators when a trailing NULL termination is missing in the auth-indicators array. A remote attacker, under specific...

3.7CVSS5.8AI score0.00308EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.4 views

AlmaLinux 10 : sssd (ALSA-2025:21020)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:21020 advisory. sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems CVE-2025-11561 Tenable has extracted the preceding description...

8.8CVSS5.5AI score0.00756EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 8 : sssd-2.9.4-5.el8_10.3 (AXSA:2025-11068:06)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11068:06 advisory. sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems CVE-2025-11561 Tenable has extracted the preceding...

8.8CVSS5.5AI score0.00756EPSS
Exploits0References2
OSV
OSV
added 2026/01/02 4:58 p.m.1 views

SUSE-SU-2026:20014-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2025-11561: Fixed default Kerberos configuration allowing privilege escalation on AD-joined Linux systems bsc1244325...

8.8CVSS5.8AI score0.00756EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.2 views

SUSE SLED15: libipa_hbac-devel / libipa_hbac0 / libnfsidmap-sss / etc (SUSE-SU-2025:4247-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4247-1 advisory. - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos...

8.8CVSS6.8AI score0.00756EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.4 views

Oracle Linux 9 : sssd (ELSA-2025-20954)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-20954 advisory. 2.9.7-4.0.1.1 - Restore default debug level for ssscache Orabug: 32810448 Fri Oct 17 2025 Tomas Halman [email protected] - 2.9.7.4.1 - Resolves: RHEL-120298 -...

8.8CVSS5.5AI score0.00756EPSS
Exploits0References2
OSV
OSV
added 2025/11/27 11:13 a.m.2 views

SUSE-SU-2025:21084-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2025-11561: Fixed default Kerberos configuration allowing privilege escalation on AD-joined Linux systems bsc1251827 Other fixes: - Install file in krb5.conf.d to include sssd krb5 config snippets bsc1244325...

8.8CVSS7.3AI score0.00756EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/11/26 3:11 p.m.5 views

Security update for sssd

This update for sssd fixes the following issues: CVE-2025-11561: Fixed default Kerberos configuration allowing privilege escalation on AD-joined Linux systems bsc1251827 Other fixes: - Install file in krb5.conf.d to include sssd krb5 config snippets bsc1244325 Patch Instructions: To install this...

8.8CVSS7.2AI score0.00756EPSS
Exploits0References6
OSV
OSV
added 2025/11/26 2:26 p.m.2 views

SUSE-SU-2025:21066-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2025-11561: Fixed default Kerberos configuration allowing privilege escalation on AD-joined Linux systems bsc1251827 Other fixes: - Install file in krb5.conf.d to include sssd krb5 config snippets bsc1244325...

8.8CVSS6.8AI score0.00756EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/11/26 8:57 a.m.7 views

Security update for sssd

This update for sssd fixes the following issues: CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin bsc1251827 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods li...

8.8CVSS7.3AI score0.00756EPSS
Exploits0References4
OSV
OSV
added 2025/11/26 8:56 a.m.2 views

SUSE-SU-2025:4247-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin bsc1251827...

8.8CVSS7AI score0.00756EPSS
Exploits0References3
OSV
OSV
added 2025/11/25 2:12 p.m.1 views

SUSE-SU-2025:4232-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin bsc1251827 Other fixes: - Install file in krb5.conf.d to include sssd krb5 config snippets bsc1244325...

8.8CVSS7.3AI score0.00756EPSS
Exploits0References4
OSV
OSV
added 2025/11/25 2:12 p.m.2 views

SUSE-SU-2025:4231-1 Security update for sssd

This update for sssd fixes the following issues: - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin bsc1251827 Other fixes: - Install file in krb5.conf.d to include sssd krb5 config snippets bsc1244325...

8.8CVSS6.2AI score0.00756EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.3 views

SUSE SLES15: libipa_hbac-devel / libipa_hbac0 / libsss_certmap-devel / etc (SUSE-SU-2025:4181-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4181-1 advisory. - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plug...

8.8CVSS6.8AI score0.00756EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.5 views

SUSE SLES15: libipa_hbac-devel / libipa_hbac0 / libsss_certmap-devel / etc (SUSE-SU-2025:4182-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4182-1 advisory. - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plug...

8.8CVSS6.8AI score0.00756EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.2 views

SUSE SLED15: libipa_hbac-devel / libipa_hbac0 / libsss_certmap-devel / etc (SUSE-SU-2025:4183-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4183-1 advisory. - CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling...

8.8CVSS6.8AI score0.00756EPSS
Exploits0References4
Rows per page
Query Builder