Huawei HarmonyOS security vulnerability
Huawei HarmonyOS is a new-generation intelligent terminal operating system that provides a unified language for the intelligence, interconnection and collaboration of different devices, and brings simple, smooth, continuous, safe and reliable interaction experience in the whole scene. An access...
pam: libpam: Libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...
PT-2025-5896
Name of the Vulnerable Software and Affected Versions: pam_pkcs11 affected versions not specified Description: The issue is related to errors in the authentication process of the PAM-PKCS11 module in Linux operating systems, specifically concerning the pam_sm_authenticate function. This could...
OATH Toolkit security vulnerability
OATH Toolkit is an open source toolkit from deepin. A security vulnerability exists in OATH Toolkit versions 2.6.7 through 2.6.11, which stems from a PAM module that allows a malicious user to compromise the environment when placing an OTP status file in a user's home directory...
PT-2025-2098 · Drupal · Drupal Facets
Name of the Vulnerable Software and Affected Versions: Drupal Facets versions 0.0.0 through 2.0.9 Description: The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting XSS. This can be exploited by a remote attacker to hijack a user's...
CVE-2024-45586
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...
CVE-2024-45586 Account Take Over Vulnerability
This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...
CVE-2024-45586
CVE-2024-45586 affects Symphony XTS Web Trading and Mobile Trading platforms, version 2.0.0.1_P160. The root cause is improper access controls in the Authentication module’s APIs. An authenticated, remote attacker can manipulate HTTP request parameters to perform an unauthorized account takeover ...
Symphony XTS Web Trader and Symphony XTS Mobile Trader security vulnerability
Symphony XTS Web Trader and Symphony XTS Mobile Trader are both products of Symphony, Inc. Symphony XTS Web Trader is an advanced HTML5-based trading platform. Symphony XTS Mobile Trader is a native application for trading on iOS...
The vulnerability of the PAM system for JumpServer is related to incorrect restrictions on the path name to the restricted directory. This allows an intruder to gain unauthorized access to read any files in the Celery container.
The vulnerability of the PAM system for privileged access control in JumpServer is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized read access to arbitrary files i...
PT-2024-27009 · Pam · Pam
Name of the Vulnerable Software and Affected Versions: PAM system affected versions not specified Description: An improper input validation in the PAM system allows an unauthenticated attacker to achieve remote command execution by sending a specially crafted HTTP request. Recommendations: At the...
CLSA-2024-1718796961 pam: Fix of CVE-2024-22365
CVE-2024-22365: use O_DIRECTORY to prevent local DoS situations...
Drupal Drupal REST & JSON API Authentication module < 2.0.13 - Authenticated Broken Access Control vulnerability
Authenticated Broken Access Control vulnerability discovered by Arek Suchecki in WordPress Module Drupal REST & JSON API Authentication versions 2.0.13...
Huawei HarmonyOS security vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from a privilege authentication vulnerability in the wpa_supplicant module. No detailed...
pam: allowing unprivileged user to block another user namespace
A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with /tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with pam_namespace configured will cause the openat in protect_dir to...
The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server Mod_auth_openidc, related to uncontrolled resource consumption, allows attackers to cause service interruptions.
The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
CVE-2023-44112
Out-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality...
PT-2024-1375
Name of the Vulnerable Software and Affected Versions: linux-pam versions prior to 1.6.0 Description: The issue is related to the protect_dir function in the pam_namespace module of Linux-PAM, which is associated with incorrect resource cleanup or release. This can allow a remote attacker to cause ...