JetBrains Hub Code Issue Vulnerability
JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. A code issue vulnerability exists in versions of JetBrains Hub prior to 2023.1.15725, which stems from a lack of server request forgery protecti...
SUSE CVE-2023-28625
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...
CodeIgniter Shield Security Vulnerability
CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. CodeIgniter Shield has a security vulnerability that stems from hashed passwords being easier to crack than expected...
SUSE CVE-2004-1001
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled...
SUSE CVE-2008-0003
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server tog-pegasus, when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different...
SUSE CVE-2018-1343
PAM exposure enabling unauthenticated access to remote host...
Vulnerability of the PAM module for Juniper Networks Junos OS and Juniper Networks Junos OS Evolved, allowing a hacker to trigger a service failure
The vulnerability of the PAM module in Juniper Networks’ Junos OS and Juniper Networks’ Junos OS Evolved is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
DEBIAN-CVE-2022-23527
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url does not properly check fo...
CVE-2022-23527 Open Redirect in oidc_validate_redirect_url()
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url does not properly check fo...
mod_auth_openidc Input Validation Error Vulnerability
mod_auth_openidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server that is used as an OpenID Connect dependency to authenticate users against the OpenID Connect provider. An input validation error vulnerability exists in mod_auth_openidc prior to...
dovecot: Privilege escalation when similar master and non-master passdbs are used
A vulnerability was found in the Dovecot IMAP Server. When two passdb configuration entries exist in the Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrect settings can lead...
pcs: improper authentication via PAM
A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon allowed expired accounts and accounts with expired passwords to log in when using PAM authentication. Unprivileged, expired accounts with previously denied access could still log in...
The vulnerability of the pam_access.so function in the Linux-PAM authentication module allows a hacker to circumvent existing security restrictions.
The vulnerability of the pam_access.so module of the Linux-PAM authentication module is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...
Arvados Authorization Issue Vulnerability
Arvados is an open source platform for managing and analyzing biomedical big data. An authorization issue vulnerability exists in Arvados version 2.4.2 and prior versions, which stems from the fact that when a user is authenticated using the Portable Authentication Module PAM, Arvados can still b...
CVE-2022-25625
A malicious unauthorized PAM user can access the administration configuration data and change the values...
Exim Security Vulnerability
Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. A security vulnerability exists in Exim versions prior to 4.96, which stems from an invalid free in pam_converse in auths/call_pam.c. The vulnerability is caused by the use of an invalid free...
PT-2022-23764 · Grommunio · Gromox
Name of the Vulnerable Software and Affected Versions: Grommunio Gromox versions 0.5 through 1.x before 1.28 Description: The issue is related to weak permissions on the configuration file in the PAM module, allowing a local unprivileged user in the gromox group to execute arbitrary code upon...
The vulnerability of the microprogramming software in the integrated facial authentication module of Intel RealSense ID Solution F450 allows an intruder to disclose protected information.
The vulnerability of the microprogramming software in the integrated facial authentication module of Intel RealSense ID Solution F450 is related to initialization errors. Exploiting this vulnerability can allow attackers to disclose protected information...
Oracle MySQL Input Validation Error Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and an input validation error vulnerability exists in Oracle MySQL 8.0.28 and earlier versions, which originates in the PAM Auth component of MySQL...