
426 matches found

CNNVD
added 2025/04/07 12:0 a.m. · 1 views

Huawei EMUI and Huawei HarmonyOS security vulnerability

Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is a full-scene distributed operating system based on a microkernel. A security bypass vulnerability exists in Huawei HarmonyOS and EMUI. The vulnerability stems from an access contro...

9.1 CVSS · 6.9 AI score · 0.00095 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/04/07 12:0 a.m. · 2 views

Huawei HarmonyOS and Huawei EMUI security vulnerability

Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is a full-scene distributed operating system based on a microkernel. An access control vulnerability exists in Huawei HarmonyOS and EMUI. The vulnerability stems from improper access...

9.1 CVSS · 6.8 AI score · 0.00095 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/04/07 12:0 a.m. · 1 views

Huawei HarmonyOS and Huawei EMUI security vulnerability

Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is a full-scene distributed operating system based on a microkernel. An access control vulnerability exists in Huawei HarmonyOS and EMUI. The vulnerability stems from improper access...

9.1 CVSS · 6.8 AI score · 0.00095 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2025/03/27 12:20 a.m. · 9 views

CVE-2024-42533

SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter...

9.8 CVSS · 9.3 AI score · 0.01217 EPSS
Exploits: 0 · References: 1
NVD
added 2025/03/25 2:15 p.m. · 13 views

CVE-2024-42533

SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter...

9.8 CVSS · 0.01217 EPSS
Exploits: 0 · References: 1
CVE
added 2025/03/25 12:0 a.m. · 52 views

CVE-2024-42533

CVE-2024-42533 describes a SQL injection in the authentication module of Convivance StandVoice versions 4.5–6.2, allowing a remote attacker to execute arbitrary code via the GEST_LOGIN parameter. The issue stems from improper handling of authentication input, enabling code execution with high im...

9.8 CVSS · 9.2 AI score · 0.01217 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/03/25 12:0 a.m. · 1 views

Convivance StandVoice SQL injection vulnerability

Convivance StandVoice is a telephone reception platform from Convivance. A security vulnerability exists in Convivance StandVoice versions 4.5 through 6.2, which stems from a SQL injection in the authentication module and could lead to a remote attacker executing arbitrary code via the GEST_LOGIN...

9.8 CVSS · 8.4 AI score · 0.01217 EPSS
Exploits: 0 · References: 3
OSV
added 2025/03/20 6:43 p.m. · 3 views

USN-7363-1 pam-pkcs11 vulnerabilities

Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS11 did not properly handle certain return codes when authentication was not possible. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-24531) It was...

9.2 CVSS · 5.8 AI score · 0.00746 EPSS
Exploits: 0 · References: 3
OSV
added 2025/03/05 2:56 p.m. · 2 views

SUSE-SU-2025:20231-1 Security update for pam_u2f

This update for pam_u2f fixes the following issues: - CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate (bsc#1233517)...

7.3 CVSS · 5.5 AI score · 0.00038 EPSS
Exploits: 0 · References: 3
CNNVD
added 2025/02/25 12:0 a.m. · 4 views

Odoo access control error vulnerability

Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python, uses PostgreSQL as its database, and includes modules for sales management, inventory management, and financial management. An access control...

8.8 CVSS · 6.5 AI score · 0.00063 EPSS
Exploits: 2 · References: 2
OSV
added 2025/02/18 3:15 a.m. · 2 views

AZL-57034 CVE-2025-1390 affecting package libcap for versions less than 2.69-2

The PAM module pam_cap.so of libcap supports group names starting with “@” in its configuration; during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to...

6.1 CVSS · 6.7 AI score · 0.00059 EPSS
Exploits: 0 · References: 1
SUSE CVE
added 2025/02/12 3:47 a.m. · 3 views

SUSE CVE-2025-24031

PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, pam_get_pwd will never initialize the password...

3.3 CVSS · 7.1 AI score · 0.00051 EPSS
Exploits: 0 · References: 7
CNNVD
added 2025/02/11 12:0 a.m. · 2 views

Devolutions Server security vulnerability

Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.10.0 and earlier, which stems from an improper password reset in the PAM module that...

5.4 CVSS · 6.5 AI score · 0.00248 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2025/02/11 12:0 a.m. · 3 views

PT-2025-6217 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2024.3.10.0 and earlier. Description: The issue is related to improper password reset in the PAM Module, allowing an authenticated user to reuse the oracle user password after check-in due to a crash in the password...

5.4 CVSS · 7 AI score · 0.00248 EPSS
Exploits: 0 · References: 5
Positive Technologies
added 2025/02/10 12:0 a.m. · 2 views

PT-2025-6067 · Unknown +2 · Pam Pkcs11 +2

Name of the Vulnerable Software and Affected Versions: PAM-PKCS11 versions 0.6.12 and prior. Description: The issue affects a Linux-PAM login module that allows X.509 certificate-based user login. When a user presses ctrl-c/ctrl-d while being asked for a PIN, the pam_pkcs11 module segfaults...

9.2 CVSS · 8.1 AI score · 0.00746 EPSS
Exploits: 0 · References: 35
CNNVD
added 2025/02/10 12:0 a.m. · 1 views

PAM-PKCS#11 authorization issue vulnerability

PAM-PKCS11 is an OpenSC open source login module. An authorization issue vulnerability exists in PAM-PKCS11 versions prior to 0.6.13, which stems from not checking private key signatures in the default configuration, allowing an attacker to create a new token and log in with the user's public dat...

9.2 CVSS · 7.6 AI score · 0.00746 EPSS
Exploits: 0 · References: 8
Positive Technologies
added 2025/01/30 12:0 a.m. · 3 views

PT-2025-5378 · Pam · Pam

Name of the Vulnerable Software and Affected Versions: PAM (affected versions not specified). Description: A specific authentication strategy allows learning the ids of PAM users associated with certain authentication types. Recommendations: At the moment, there is no information about a newer versi...

5.3 CVSS · 7.2 AI score · 0.00081 EPSS
Exploits: 0 · References: 8
SUSE Linux
added 2025/01/21 12:50 p.m. · 1 views

Security update for pam_u2f

This update for pam_u2f fixes the following issues: CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate (bsc#1233517). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you ca...

7.8 CVSS · 9.6 AI score · 0.00038 EPSS
Exploits: 0 · References: 6
SUSE Linux
added 2025/01/20 9:4 a.m. · 1 views

Security update for pam_u2f

This update for pam_u2f fixes the following issues: CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate (bsc#1233517). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you ca...

7.8 CVSS · 7.3 AI score · 0.00038 EPSS
Exploits: 0 · References: 4
CNVD
added 2025/01/13 12:0 a.m. · 6 views

Huawei HarmonyOS Authentication Module Access Control Vulnerability

Huawei HarmonyOS is a new-generation intelligent terminal operating system that provides a unified language for the intelligence, interconnection and collaboration of different devices, and brings simple, smooth, continuous, safe and reliable interaction experience in the whole scene. An access...

7.5 CVSS · 6.7 AI score · 0.00061 EPSS
Exploits: 0 · References: 1