194 matches found
MGASA-2024-0176 Updated sssd packages fix security vulnerability
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. CVE-2023-3758...
Updated sssd packages fix security vulnerability
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. CVE-2023-3758...
SUSE SLES15 Security Update : sssd (SUSE-SU-2024:1578-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1578-1 advisory. - A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to imprope...
Fedora 38 : sssd (2024-44602bead8)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-44602bead8 advisory. Fix CVE-2023-3758 https://bugzilla.redhat.com/showbug.cgi?id=2275905 Tenable has extracted the preceding description block directly from the Fedora security...
SUSE CVE-2023-3758
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately...
CVE-2023-3758
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately...
UBUNTU-CVE-2023-3758
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately...
CVE-2023-3758
CVE-2023-3758 affects the System Security Services Daemon (SSSD). A race condition causes GPO policy to be inconsistently applied for authenticated users, leading to improper authorization (granting or denying access). Publicly referenced advisories confirm this issue across multiple distribution...
sssd: Race condition during authorization leads to GPO policies functioning inconsistently
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately...
PT-2024-3761
Name of the Vulnerable Software and Affected Versions sssd affected versions not specified Description A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to...
SAP NetWeaver Authorization Issues Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform mainly provides a development and runtime environment for SAP applications. SAP NetWeaver has an authorization issue vulnerability that stems from a security misconfiguration in the...
WordPress Plugin Pods Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
SonicWall SonicOS Authorization Issues Vulnerability
SonicWALL SonicOS is a set of operating systems designed for SonicWall firewall appliances from SonicWALL, Inc. An authorization issue vulnerability exists in SonicWall SonicOS version 7.1.1-7040 that stems from incorrect authentication. A remote attacker could exploit the vulnerability by...
CVE-2022-23180 Contact Form & Lead Form Elementor Builder Plugin < 1.7.4 - Multiple Subscriber+ Settings Update
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscriber to update and change various settings...
2023 OWASP Top-10 Series: API5:2023 Broken Function Level Authorization
Welcome to the 6th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API5:2023 Broken Function Level Authorization. In this series we are taking an in-depth look at each category – the details, the...
Online Security Guards Hiring System Cross-Site Scripting Vulnerability (CNVD-2023-64633)
Online Security Guards Hiring System is an online security guard hiring system. A security vulnerability exists in Online Security Guards Hiring System version v.1.0. The vulnerability can be exploited by an attacker to perform cross-site scripting attacks...
SAP Supplier Relationship Management Information Disclosure Vulnerability
SAP Supplier Relationship Management (SRM) is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. An information disclosure vulnerability exists in SA...
Hospital Management System SQL Injection Vulnerability (CNVD-2023-64634)
A Hospital Management System (HMS) is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. Hospital Management System version 1.0 suffers from a SQL injection vulnerability that stems from the fact that incorrect manipulati...
WordPress Plugin OAuth Single Sign On – SSO Authorization Issues Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress Plugin OAuth Single Sign On - SSO OAuth Client...
Apache InLong Authorization Issues Vulnerability
Apache InLong is a one-stop massive data integration framework from the US-based Apache Foundation. An authorization issue vulnerability exists in Apache InLong versions 1.2.0 through 1.6.0. The vulnerability stems from improper privilege management. An attacker can exploit the vulnerabili...