426 matches found
CVE-2022-22215
A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the...
A vulnerability in the PAM auth function of the Salt configuration management and remote execution system allows an attacker to execute arbitrary commands.
A vulnerability in the PAM auth function of the Salt configuration management and remote execution system stems from the failure to effectively block "locked accounts". Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
UBUNTU-CVE-2022-22967
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands. This affects both local shell accounts with an...
OpenAM security vulnerability
OpenAM Open Source Edition is an open source single sign-on framework. The product achieves transparent single sign-on (e.g., centralized or distributed single sign-on) in a network architecture by providing a core identity service (Core Server). A security vulnerability exists in OpenAM that stems fro...
Intel BIOS firmware security vulnerability
Intel BIOS firmware is a set of programs from the U.S. company Intel that are stored on a ROM chip on the motherboard inside a computer. A security vulnerability exists in Intel BIOS firmware, which arises from improper access control in the BIOS authentication code module and can be...
mod_auth_openidc: open redirect in oidc_validate_redirect_url()
A flaw was found in mod_auth_openidc where it does not sanitize redirection URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest...
CVE-2021-46167
An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS)...
PT-2022-12599 · Unknown · Wizplat Pd065
Name of the Vulnerable Software and Affected Versions: wizplat PD065 version 1.19. Description: An access control issue in the authentication module allows attackers to access sensitive data and cause a Denial of Service (DoS). Recommendations: For wizplat PD065 version 1.19, consider temporarily...
A vulnerability in mod_auth_openidc, the authentication and authorization module for the Apache 2.x HTTP server, allows an attacker to compromise data integrity.
A vulnerability in mod_auth_openidc, the authentication and authorization module for the Apache 2.x HTTP server, is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to compromise the integrity of data...
DEBIAN-CVE-2022-1049
A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in...
CVE-2022-1049
A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in...
UBUNTU-CVE-2022-1049
A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in...
CVE-2021-46390
An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information...
CVE-2021-46390
CVE-2021-46390 – Lexar_F35 v1.0.34 exhibits an access-control flaw in the authentication module of a Lexar USB flash drive. The vulnerability allows a local attacker with physical access to bypass password authentication by analyzing and manipulating the returned password verification/comparison ...
Lexar_F35 authorization issue vulnerability
Lexar_F35 is a USB flash drive from Lexar Corporation. A security vulnerability exists in Lexar_F35 version 1.0.34, which originates from an access control issue in the authentication module. The vulnerability can be exploited by an attacker to access sensitive data and cause a denial of service (Do...