5 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the APICall feature. An attacker can access sensitive internal resources and exfiltrate confidential data by supplying arbitrary URLs to the APICall feature, which are executed with elevated privilege...
MiracleLinux 7 : sssd-1.16.4-21.el7 (AXSA:2019-4334:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-4334:02 advisory. sssd: fallbackhomedir returns '/' for empty home directories in passwd file CVE-2019-3811 sssd: improper implementation of GPOs due to too restricti...
SUSE CVE-2018-16838
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access...
Feature and Permission Policies. Security issues
Introduction In order to help enhance the user experience of their site, companies may ask to use features of your browser, such as geolocation or notifications to produce a more tailored experience. Web site developers may configure the site or allow third-party content, loaded in frames, to use...
krb5: NULL pointer dereference when using a ticket policy name as a password policy name
If kadmind were used with an LDAP back end for the KDC database, a remote, authenticated attacker who has the permissions to set the password policy could crash kadmind by attempting to use a named ticket policy object as a password policy for a principal...