CVE-2021-3621 — CVSS 8.8 (high): A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire…
CVE-2012-3462 — CVSS 8.8 (high): A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the…
CVE-2023-3758 — CVSS 7.1 (high): A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper…
CVE-2015-5292 — CVSS 6.8 (medium): Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD)…
CVE-2026-12610 — CVSS 6.4 (medium): A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where…
CVE-2018-16838 — CVSS 5.4 (medium): A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings…
CVE-2019-3811 — CVSS 5.2 (medium): A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead…
CVE-2010-2940 — CVSS 5.1 (medium): The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and…
CVE-2013-0220 — CVSS 5.0 (medium): The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3)…
CVE-2013-0287 — CVSS 4.9 (medium): The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does…
CVE-2017-12173 — CVSS 4.3 (medium): It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and…
CVE-2018-10852 — CVSS 3.8 (low): The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone…
CVE-2010-0014 — CVSS 3.7 (low): System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows…
CVE-2013-0219 — CVSS 3.7 (low): System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows…
CVE-2011-1758 — CVSS 3.7 (low): The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when…
CVE-2014-0249 — CVSS 3.3 (low): The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group…
CVE-2018-16883 — CVSS 2.5 (low): sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration…
CVE-2010-4341 — CVSS 2.1 (low): The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users…