Debian/sssd — 23 CVEs

Loading…

All known vulnerabilities

HIGH8.8CVE-2025-11561A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems.

from 0

HIGH8.8CVE-2022-4254sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

from 0, < 2.3.1-1

HIGH8.8CVE-2021-3621sssd - security update

from 0, < 1.15.0-3+deb9u2

HIGH8.8sssd - security update

from 0, < 2.4.1-2+deb11u1

HIGH8.8sssd - security update

from 0, < 2.4.1-2+deb11u1

HIGH8.8A flaw was found in SSSD version 1.9.0.

from 0, < 1.10.0-1

HIGH8.8It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and…

from 0, < 1.15.3-2

HIGH7.5sssd - security update

from 0, < 1.16.3-1

HIGH7.5sssd - security update

from 0, < 1.11.7-3+deb8u1

HIGH7.1A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users.

from 0, < 2.4.1-2+deb11u1

MEDIUM5.5A flaw was found in the System Security Services Daemon (SSSD).

from 0

MEDIUM5.5sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration pa…

from 0, < 2.2.0-1

MEDIUM5.4sssd - security update

from 0, < 2.2.0-1

MEDIUM5.4sssd - security update

from 0, < 1.16.3-3.2+deb10u1

MEDIUM5.2sssd - security update

from 0, < 1.11.7-3+deb8u2

MEDIUM5.2sssd - security update

from 0, < 2.2.0-1

—Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.…

from 0, < 1.13.1-1

—The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membersh…

from 0, < 1.11.7-1

—The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_c…

from 0, < 1.8.4-2

—System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows loc…

from 0, < 1.8.4-2

—The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users t…

from 0, < 1.2.1-4.1

—The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymou…

from 0, < 1.2.1-4

—System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physicall…

from 0, < 1.0.5-1

pkg:Debian/sssd

✅ Check your installed version

All known vulnerabilities