VYPR

Sssd

by Fedorahosted

CVEs (6)

  • CVE-2021-33082May 12, 2022
    risk 0.00cvss epss 0.00

    Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.

  • CVE-2021-33074May 12, 2022
    risk 0.00cvss epss 0.00

    Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.

  • CVE-2012-3462Dec 26, 2019
    risk 0.00cvss epss 0.02

    A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.

  • CVE-2018-16838Mar 25, 2019
    risk 0.00cvss epss 0.01

    A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.

  • CVE-2010-4341Jan 25, 2011
    risk 0.00cvss epss 0.00

    The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.

  • CVE-2009-2410Jul 30, 2009
    risk 0.00cvss epss 0.02

    The local_handler_callback function in server/responder/pam/pam_LOCAL_domain.c in sssd 0.4.1 does not properly handle blank-password accounts in the SSSD BE database, which allows context-dependent attackers to obtain access by sending the account's username, in conjunction with…