24 matches found
CVE-2026-9801
A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...
CVE-2026-9796 Keycloak: keycloak: privilege escalation via time-of-check to time-of-use (toctou) vulnerability
A flaw was found in Keycloak. An authenticated administrator with the manage-clients role can exploit a Time-of-check to time-of-use TOCTOU vulnerability in the name-based admin role checks. This allows the attacker to escalate their privileges to realm-admin for all users within the realm,...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the role rename endpoint. An attacker can gain unauthorize...
CVE-2026-3121
A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...
FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
Amazon Linux 2 : 389-ds-base, --advisory ALAS2-2025-3025 (ALAS-2025-3025)
The version of 389-ds-base installed on the remote host is prior to 1.3.10.2-17. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3025 advisory. A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to...
EUVD-2025-31739
Malicious code in bioql PyPI...
SUSE CVE-2025-7493
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
Linux Distros Unpatched Vulnerability : CVE-2025-7493
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate t...
FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
AZL-68190 CVE-2025-7493 affecting package 389-ds-base 3.1.1-10
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
CVE-2025-7493
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
UBUNTU-CVE-2025-7493
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA...
CVE-2025-7493
Consolidated observations from the CVE page and vendor advisories confirm a privilege escalation in FreeIPA (CVE-2025-7493) enabling host-to-domain-admin actions via improper krbCanonicalName validation (root@REALM). The issue is rated critical (CVSSv3.1: 9.1; Network, Privileges HIGH, User Inter...