Lucene search
K

11 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 6:53 p.m.7 views

CVE-2026-45108

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...

8.4CVSS5.8AI score0.00246EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2025/11/06 5:15 a.m.4 views

sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

8.8CVSS5.8AI score0.00756EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/11/06 2:35 a.m.3 views

sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

8.8CVSS5.8AI score0.00756EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/11/06 2:33 a.m.2 views

sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon SSSD on Linux systems. In default configurations, the Kerberos local authentication plugin sssdkrb5localauthplugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

8.8CVSS5.8AI score0.00756EPSS
Exploits0References6
CVE
CVE
added 2025/10/09 1:37 p.m.32 views

CVE-2025-11561

CVE-2025-11561 affects the System Security Services Daemon (SSSD) on Linux in default AD integration configurations. A fallback path from the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) to the an2ln plugin can be taken if AD attributes (e.g., userPrincipalName or samAccountN...

8.8CVSS6.1AI score0.00756EPSS
Exploits0References28
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-51116

Malicious code in bioql PyPI...

9.1CVSS6.6AI score0.00459EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/09 9:8 a.m.23 views

CVE-2024-12802

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN User Principal Name and SAM Security Account Manager account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and...

0.00459EPSS
Exploits0References1
SonicWall
SonicWall
added 2025/01/07 4:56 p.m.18 views

SSL-VPN MFA Bypass Due to UPN and SAM Account Handling in Microsoft AD

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN User Principal Name and SAM Security Account Manager account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and...

6.5CVSS5.8AI score0.00459EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.4 views

PT-2025-1026

Name of the Vulnerable Software and Affected Versions SonicWall SSL-VPN Gen6 affected versions not specified SonicWall SSL-VPN Gen7 affected versions not specified SonicWall SSL-VPN Gen8 affected versions not specified Description An authentication bypass exists in SonicWall SSL-VPN when integrat...

9.1CVSS6.5AI score0.00459EPSS
Exploits0References35
Citrix
Citrix
added 2023/09/20 12:0 a.m.7 views

LDAP authentication fails with error "user <username> not found" if using UPN to login Gateway

LDAP authentication fails if using UPN userPrincipalName to login Gateway. When running /tmp/aaad.debug log on NetScaler, the following error "user @domainname.com not found" is printed in logs. /usr/home/build/adc/usr.src/netscaler/aaad/ldapdrv.c528: receiveldapusersearchevent 0-2: ldapfirstentr...

7.3AI score
Exploits0
Microsoft KB
Microsoft KB
added 1970/01/01 12:0 a.m.6 views

Security update 1970-01-01

...

5.3AI score
Exploits0
Rows per page
Query Builder