The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of FreeIPA

FreeIPA: privilege escalation via Local Account Name
An attacker can bypass restrictions via Local Account Name of FreeIPA, in order to escalate his privileges...
CVE-2020-10747-REJECT, VIGILANCE-VUL-32543
jQuery Core: Cross Site Scripting via HtmlPrefilter Regex
An attacker can trigger a Cross Site Scripting via HtmlPrefilter Regex of jQuery Core, in order to run JavaScript code in the context of the web site...
20200601, 20200602, 20200603, 20200604, 20200605, 6217392, 6253319, 6344075, 6367943, CERTFR-2020-AVI-310, CERTFR-2020-AVI-335, CERTFR-2020-AVI-797, cpujul2020, cpuoct2020, CVE-2020-11022, CVE-2020-11023, DRUPAL-SA-CORE-2020-002, DRUPAL-SA-CORE-2020-003, DSA-2020-270, DSA-4693-1, FEDORA-2020-0b32a59b54, FEDORA-2020-11be4b36d4, FEDORA-2020-7dddce530c, FEDORA-2020-8a15713da2, FEDORA-2020-fbb94073a1, K02453220, K66544153, KM03758436, NPM-1518, openSUSE-SU-2020:1060-1, openSUSE-SU-2020:1106-1, openSUSE-SU-2020:1888-1, OSA-2020-14, RHSA-2020:3936-01, RHSA-2020:4670-01, RHSA-2020:4847-01, TNS-2020-10, VIGILANCE-VUL-32007
Apache Tomcat: code execution via Enabled AJP Connector
An attacker can use a vulnerability via Enabled AJP Connector of Apache Tomcat, in order to run code...
bulletinapr2020, CERTFR-2020-AVI-112, cpujul2020, CVE-2020-1938, DLA-2133-1, DLA-2209-1, DSA-4673-1, DSA-4680-1, FEDORA-2020-04ac174fa9, FEDORA-2020-c870aa8378, HPESBUX04015, openSUSE-SU-2020:0345-1, openSUSE-SU-2020:0597-1, RHSA-2020:0855-01, RHSA-2020:0912-01, RHSA-2020:1478-01, RHSA-2020:1479-01, RHSA-2020:2779-01, RHSA-2020:2780-01, RHSA-2020:2781-01, RHSA-2020:2783-01, RHSA-2020:2840-01, SUSE-SU-2020:0598-1, SUSE-SU-2020:0631-1, SUSE-SU-2020:0632-1, SUSE-SU-2020:0725-1, SUSE-SU-2020:1111-1, SUSE-SU-2020:1126-1, SUSE-SU-2020:1272-1, SUSE-SU-2020:14342-1, VIGILANCE-VUL-31664
FreeIPA: buffer overflow via ber_scanf
An attacker can trigger a buffer overflow via ber_scanf() of FreeIPA, in order to trigger a denial of service, and possibly to run code...
CVE-2019-14867, FEDORA-2019-8e9093da55, FEDORA-2019-c64e1612f5, RHSA-2020:0378-01, RHSA-2020:1269-01, VIGILANCE-VUL-30986
FreeIPA: information disclosure via Command Logged Passwords
An attacker can bypass access restrictions to data via Command Logged Passwords of FreeIPA, in order to obtain sensitive information...
CVE-2019-10195, FEDORA-2019-8e9093da55, FEDORA-2019-c64e1612f5, RHSA-2020:0378-01, RHSA-2020:1269-01, VIGILANCE-VUL-30985
FreeIPA: two vulnerabilities via DNS Recursion / Amplification
An attacker can use several vulnerabilities via DNS Recursion / Amplification of FreeIPA...
VIGILANCE-VUL-30866
FreeIPA: privilege escalation via session cookie stealing
An attacker can reuse a stolen FreeIPA session cookie after the user has logged out, in order to obtain that user's privileges...
1746944, CVE-2019-14826, VIGILANCE-VUL-30358
FreeIPA: privilege escalation via Authn/TOTP
An attacker can bypass restrictions via Authn/TOTP of FreeIPA, in order to escalate his privileges...
7262, FEDORA-2018-39051f69b7, VIGILANCE-VUL-27098
FreeIPA: information disclosure via Read Stage Users
An attacker can bypass access restrictions to data via Read Stage Users of FreeIPA, in order to obtain sensitive information...
1487697, CVE-2017-12169, VIGILANCE-VUL-25026
FreeIPA: Man-in-the-Middle via CA SubjectAltNames ACL
An attacker can act as a Man-in-the-Middle via CA SubjectAltNames ACL on FreeIPA, in order to read or write data in the session...
1360757, CVE-2016-5414, VIGILANCE-VUL-23094