
61 matches found

ATTACKERKB
added 2026/05/27 6:53 p.m. | 6 views

CVE-2026-45108

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant (DAG) flow that allowed a user within the same Entra ID domain to obtain a local Unix...

8.4 CVSS | 5.8 AI score | 0.00246 EPSS
Exploits 0 | References 2 | Affected Software 1
Tenable Nessus
added 2026/05/09 12:00 a.m. | 9 views

Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017353)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017353 advisory. The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of...

8.8 CVSS | 5.8 AI score | 0.01254 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2026/04/30 12:00 a.m. | 12 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenSSH vulnerabilities (USN-8222-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8222-1 advisory. Christos Papakonstantinou discovered that the OpenSSH scp tool incorrectly handled the legacy scp protocol (-O) option. Thi...

8.1 CVSS | 6.2 AI score | 0.00289 EPSS
Exploits 0 | References 6
RedHat Linux
added 2025/11/06 5:15 a.m. | 4 views

sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

8.8 CVSS | 5.8 AI score | 0.00768 EPSS
Exploits 0 | References 6
RedHat Linux
added 2025/11/06 2:35 a.m. | 3 views

sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

8.8 CVSS | 5.8 AI score | 0.00768 EPSS
Exploits 0 | References 6
RedHat Linux
added 2025/11/06 2:33 a.m. | 2 views

sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems

A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...

8.8 CVSS | 5.8 AI score | 0.00768 EPSS
Exploits 0 | References 6
CVE
added 2025/10/09 1:37 p.m. | 29 views

CVE-2025-11561

CVE-2025-11561 affects the System Security Services Daemon (SSSD) on Linux in default AD integration configurations. A fallback path from the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) to the an2ln plugin can be taken if AD attributes (e.g., userPrincipalName or samAccountN...

8.8 CVSS | 6.1 AI score | 0.00768 EPSS
Exploits 0 | References 28
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-8508

Malware in sbrugna...

6.5 CVSS | 6.4 AI score | 0.04643 EPSS
Exploits 0 | References 17
EUVD
added 2025/10/03 8:07 p.m. | 6 views

EUVD-2022-15499

Malicious code in bioql PyPI...

8.8 CVSS | 7.6 AI score | 0.01254 EPSS
Exploits 0 | References 12
EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2024-51116

Malicious code in bioql PyPI...

9.1 CVSS | 6.6 AI score | 0.00459 EPSS
Exploits 0 | References 1
Metasploit
added 2025/05/16 6:51 p.m. | 390 views

Gather Ticket Granting Service (TGS) tickets for User Service Principal Names (SPN)

This module will try to find Service Principal Names that are associated with normal user accounts. Since normal accounts' passwords tend to be shorter than machine accounts, and knowing that a TGS request will encrypt the ticket with the account the SPN is running under, this could be used for a...

5.8 AI score
Exploits 0
Cvelist
added 2025/01/09 9:08 a.m. | 19 views

CVE-2024-12802

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and...

0.00459 EPSS
Exploits 0 | References 1
SonicWall
added 2025/01/07 4:56 p.m. | 15 views

SSL-VPN MFA Bypass Due to UPN and SAM Account Handling in Microsoft AD

SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and...

6.5 CVSS | 5.8 AI score | 0.00459 EPSS
Exploits 0
Positive Technologies
added 2025/01/07 12:00 a.m. | 4 views

PT-2025-1026

Name of the Vulnerable Software and Affected Versions: SonicWall SSL-VPN Gen6 (affected versions not specified), SonicWall SSL-VPN Gen7 (affected versions not specified), SonicWall SSL-VPN Gen8 (affected versions not specified). Description: An authentication bypass exists in SonicWall SSL-VPN when integrat...

9.1 CVSS | 6.5 AI score | 0.00459 EPSS
Exploits 0 | References 35
Microsoft CVE
added 2024/10/15 12:00 a.m. | 3 views

CVE-2022-0336

...

8.8 CVSS | 6.7 AI score | 0.01254 EPSS
Exploits 0
Microsoft CVE
added 2024/10/15 12:00 a.m. | 5 views

CVE-2019-3870

...

6.1 CVSS | 6.6 AI score | 0.00552 EPSS
Exploits 1
Citrix
added 2023/09/20 12:00 a.m. | 6 views

LDAP authentication fails with error "user <username> not found" if using UPN to login Gateway

LDAP authentication fails if using UPN (userPrincipalName) to login Gateway. When running /tmp/aaad.debug log on NetScaler, the following error "user @domainname.com not found" is printed in logs. /usr/home/build/adc/usr.src/netscaler/aaad/ldapdrv.c528: receiveldapusersearchevent 0-2: ldapfirstentr...

7.3 AI score
Exploits 0
SUSE CVE
added 2023/02/15 5:55 a.m. | 3 views

SUSE CVE-2011-0281

The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape...

5 CVSS | 6.8 AI score | 0.04202 EPSS
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 5:55 a.m. | 3 views

SUSE CVE-2011-0282

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name...

5 CVSS | 6.9 AI score | 0.03475 EPSS
Exploits 0 | References 5
SUSE CVE
added 2023/02/15 5:11 a.m. | 2 views

SUSE CVE-2015-8631

Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name...

6.5 CVSS | 7.3 AI score | 0.04643 EPSS
Exploits 0 | References 5