426 matches found
CVE-2018-1113
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstance...
NX-OS Software Remote Code Execution Vulnerability in Multiple Cisco Products
Cisco Nexus 2000 Series Switches are switching devices. Fabric Modules are switch matrix modules. NX-OS Software is a set of data center-grade operating system software that runs on them. An input validation vulnerability...
Buffer overflow
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to craft a packet to the management interface on an affected system, causing a buffer overflow. The vulnerability is due to incorrect input validation in the authentication module of the...
IBM WebSphere MQ Denial of Service Vulnerability (CNVD-2018-17157)
IBM WebSphere MQ is a messaging middleware product from IBM, USA. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). A security vulnerability exists in IBM WebSphere MQ versions 8.0 and 9.0 that originates from the program's use of the...
Security Bulletin: IBM Flex System Manager (FSM) is affected by a Pluggable Authentication Module (PAM) vulnerability (CVE-2013-7041)
Summary: A security vulnerability was discovered in PAM that is embedded in the IBM FSM. This bulletin addresses this vulnerability. Vulnerability Details: CVEID: CVE-2013-7041 DESCRIPTION: pam_userdb module for PAM could provide weaker than expected security, caused by an error in the strncasecmp...
Security Bulletin: A vulnerability in the Linux Pluggable Authentication Module (PAM) affects the IBM FlashSystem model V9000 (CVE-2015-3238)
Summary: There is a vulnerability in Linux Pluggable Authentication Module (PAM) to which the IBM® FlashSystem™ V9000 is susceptible. An exploit of this vulnerability could allow a remote attacker to expose sensitive information and/or cause a denial of service. Vulnerability Details: CVEID:...
Security Bulletin: A vulnerability in the Linux Pluggable Authentication Module (PAM) affects the IBM FlashSystem model V840 (CVE-2015-3238)
Summary: There is a vulnerability in the Linux Pluggable Authentication Module (PAM) to which the IBM® FlashSystem™ V840 is susceptible. An exploit of this vulnerability could allow a remote attacker to expose sensitive information and/or cause a denial of service. Vulnerability Details: CVEID:...
ALPINE-CVE-2017-15710
In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to 2.4.29, mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to look up the right charset encoding when verifying the user's credentials. If the header value is not present in the charset...
CVE-2018-1343
PAM exposure enabling unauthenticated access to remote host...
Vulnerability in the Pluggable Authentication Module (PAM) of the Junos operating system, allowing an attacker to execute arbitrary code
The vulnerability in the Junos operating system's PAM authentication module exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause failures in the daemons that use PAM...
DEBIAN-CVE-2010-3845
libapache-authenhook-perl 2.00-04 stores usernames and passwords in plaintext in the vhost error log...
CVE-2017-6747
A vulnerability in the authentication module of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to bypass local authentication. The vulnerability is due to improper handling of authentication requests and policy assignment for externally authenticated users. An...
Multiple Pivotal Product Session Fixation Vulnerabilities
Cloud Foundry is an open source cloud computing platform. UAA is a user authentication module, a Java Spring project. A session fixation vulnerability exists in multiple Pivotal products. An attacker could hijack arbitrary sessions and gain unauthorized access to affected applications...
Debian DLA-988-1 : rt-authen-externalauth security update
It was discovered that RT::Authen::ExternalAuth, an external authentication module for Request Tracker, is vulnerable to timing side-channel attacks for user passwords. Only ExternalAuth in DBI database mode is vulnerable. For Debian 7 'Wheezy', these problems have been fixed in version...
Drupal Shibboleth authentication module access bypass vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community. Shibboleth Authentication is one of its authentication modules, used for user login and access. An access bypass vulnerability exists in the Drupal Shibboleth authentication module...
UBUNTU-CVE-2017-6059
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...
xrdp elevation of privilege vulnerability
xrdp is an open source Remote Desktop Protocol (RDP) server developed by software developer Jay Sorg. An elevation of privilege vulnerability exists in xrdp version 0.9.1, which stems from a failure to properly initialize the PAM session module. An attacker can exploit this vulnerability to cause a...
DEBIAN-CVE-2017-6967
xrdp 0.9.1 calls the PAM function auth_start_session in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass...
Cloud Foundry Elevation of Privilege Vulnerability
Cloud Foundry is an open source cloud computing platform. UAA is a user authentication module, a Java Spring project. An elevated privilege vulnerability exists in Cloud Foundry UAA. An attacker could exploit this vulnerability to gain elevated privileges in an affected application and take full...
Buffer overflow
Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet...