426 matches found
Vulnerability of the Server component: PAM Auth Plugin of the MySQL Server database management system, which allows attackers to induce a service failure.
The vulnerability of the MySQL Server component’s PAM Auth Plugin is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the MySQL protocol...
Oracle MySQL Server Security Vulnerability
Oracle MySQL is an open source relational database management system. MySQL Server mysqld is the MySQL server, the main program that performs most of the work in a MySQL installation. An unspecified vulnerability exists in the Server: PAM Auth Plugin component in Oracle MySQL Server 5.7.32 and...
CVE-2020-14871
Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris...
Code injection
Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris...
CVE-2020-14871
CVE-2020-14871 is a pre-authentication stack-based buffer overflow in the Solaris PAM library (parse_user_name) that can be triggered via SSH keyboard-interactive authentication. Affected: Oracle Solaris (versions including 10 and 11; some Solaris 9/11.0 configurations listed in sources). Root ca...
CVE-2020-14871
Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris...
Oracle Solaris Critical Patch Update : oct2020_SRU11_4_24_75_2
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon t...
Oracle Solaris Critical Patch Update : oct2020_SRU11_3_36_23_0
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows...
The vulnerability of the SSOAuth software process of the Senstar Symphony video surveillance management platform allows an intruder to execute arbitrary code.
The vulnerability of the SSOAuth software component in the Senstar Symphony video surveillance management platform is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
PT-2020-4751 · Oracle · Oracle Solaris
Name of the Vulnerable Software and Affected Versions: Oracle Solaris versions 10 and 11 Description: The issue is related to a buffer overflow vulnerability in the Pluggable authentication module of Oracle Solaris, which can be exploited by an unauthenticated attacker with network access via...
SUSE-SU-2020:2648-1 Security update for SUSE Manager 3.2
This update for SUSE Manager 3.2 fixes the following issues: salt-netapi-client: - Refresh authentication module list to newer Salt versions spacewalk-admin: - Use the Salt API in authenticated and encrypted form bsc1175884, CVE-2020-8028 spacewalk-java: - Use the Salt API in authenticated and...
SUSE-SU-2020:2647-1 Security update for SUSE Manager 4.1
This update for SUSE Manager 4.1 fixes the following issues: google-gson: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages. httpcomponents-client: - Use packages from SUSE:SLE-15-SP2:Update:Products:Manager41:Update to fix building other packages...
UBUNTU-CVE-2020-25269
An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server...
pam_tacplus Log Message Disclosure Vulnerability
pam_tacplus is a PAM module for authenticating users via TACACS+ (Terminal Access Controller Access Control System) from Paweł Krawczyk Software Developers in the UK. A log information disclosure vulnerability exists in the support.c file in pam_tacplus versions 1.3.8 through 1.5.1, which can be...
Linux: SSH UsePAM
UsePAM Enables the Pluggable Authentication Module interface. If set to...
The vulnerability of LDAP authentication modules (mod_auth_ldap and mod_auth_ldap2) in the Prosody Jabber/XMPP server allows attackers to access sensitive data, compromise its integrity, and cause service failures.
The vulnerability of the LDAP authentication modules mod_auth_ldap and mod_auth_ldap2 in the Prosody Jabber/XMPP server relates to the improper checking of the XMPP address during the determination of whether a user has administrative access. Exploiting this vulnerability can allow an attacker to gai...
The vulnerability of the PAM module’s Python interpreter allows attackers to increase their privileges.
The vulnerability of the PAM module’s Python interpreter involves insecure management of privileges. Exploiting this vulnerability allows attackers to elevate their privileges using a specially created binary file with a setuid flag...
USN-4314-1 libpam-krb5 vulnerability
Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code...
Cisco FTD Software Pluggable Authentication Module DoS (cisco-sa-20191002-ftd-fpmc-dos)
According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by a vulnerability in the configuration of the Pluggable Authentication Module (PAM) due to improper resource management in the context of user session management. An authenticated, remote attacker can...
DEBIAN-CVE-2020-8086
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin function. This grants remote entities admin-only functionality if their username matches the username of a local admin...