exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 13

BDU:2025-14421

3 месяца назад

Уязвимость сервера FreeIpa, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии

CVSS3: 9.1

EPSS: Низкий

CVE-2025-7493

2 месяца назад

A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

CVSS3: 9.1

EPSS: Низкий

CVE-2025-7493

2 месяца назад

CVSS3: 9.1

EPSS: Низкий

CVE-2025-7493

2 месяца назад

A privilege escalation flaw from host to domain administrator was foun ...

CVSS3: 9.1

EPSS: Низкий

ROS-20251112-04

20 дней назад

Уязвимость 389-ds-base

CVSS3: 9.1

EPSS: Низкий

RLSA-2025:20994

10 дней назад

Important: ipa security update

EPSS: Низкий

RLSA-2025:17085

около 2 месяцев назад

Important: ipa security update

EPSS: Низкий

GHSA-vm59-52f9-r52r

2 месяца назад

CVSS3: 9.1

EPSS: Низкий

ELSA-2025-20928

7 дней назад

ELSA-2025-20928: ipa security update (IMPORTANT)

EPSS: Низкий

ELSA-2025-17649

21 день назад

ELSA-2025-17649: ipa security update (IMPORTANT)

EPSS: Низкий

ELSA-2025-17129

2 месяца назад

ELSA-2025-17129: idm:DL1 security update (IMPORTANT)

EPSS: Низкий

ELSA-2025-17085

2 месяца назад

ELSA-2025-17085: ipa security update (IMPORTANT)

EPSS: Низкий

ELSA-2025-17084

2 месяца назад

ELSA-2025-17084: ipa security update (IMPORTANT)

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
BDU:2025-14421 Уязвимость сервера FreeIpa, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии	CVSS3: 9.1	0% Низкий	3 месяца назад
CVE-2025-7493 A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.	CVSS3: 9.1	0% Низкий	2 месяца назад
CVE-2025-7493 A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.	CVSS3: 9.1	0% Низкий	2 месяца назад
CVE-2025-7493 A privilege escalation flaw from host to domain administrator was foun ...	CVSS3: 9.1	0% Низкий	2 месяца назад
ROS-20251112-04 Уязвимость 389-ds-base	CVSS3: 9.1	0% Низкий	20 дней назад
RLSA-2025:20994 Important: ipa security update		0% Низкий	10 дней назад
RLSA-2025:17085 Important: ipa security update		0% Низкий	около 2 месяцев назад
GHSA-vm59-52f9-r52r A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.	CVSS3: 9.1	0% Низкий	2 месяца назад
ELSA-2025-20928 ELSA-2025-20928: ipa security update (IMPORTANT)			7 дней назад
ELSA-2025-17649 ELSA-2025-17649: ipa security update (IMPORTANT)			21 день назад
ELSA-2025-17129 ELSA-2025-17129: idm:DL1 security update (IMPORTANT)			2 месяца назад
ELSA-2025-17085 ELSA-2025-17085: ipa security update (IMPORTANT)			2 месяца назад
ELSA-2025-17084 ELSA-2025-17084: ipa security update (IMPORTANT)			2 месяца назад

Уязвимостей на страницу