Lucene search
+L

213 matches found

OSV
OSV
added 2016/04/07 9:27 a.m.7 views

SUSE-SU-2016:0972-1 Security update for salt

salt was updated to fix one security issue. This security issue was fixed: - CVE-2016-3176: Insecure configuration of PAM external authentication service. Authenticating were able to specify the PAM service bsc972436...

5.6CVSS5.6AI score0.00873EPSS
Exploits0References3
OSV
OSV
added 2016/04/07 9:27 a.m.6 views

SUSE-SU-2016:0970-1 Security update for salt

salt was updated to fix one security issue. This security issue was fixed: - CVE-2016-3176: Insecure configuration of PAM external authentication service. Authenticating were able to specify the PAM service bsc972436...

5.6CVSS5.6AI score0.00873EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2016/03/17 12:0 a.m.17 views

salt -- Insecure configuration of PAM external authentication service

SaltStack reports: This issue affects all Salt versions prior to 2015.8.8/2015.5.10 when PAM external authentication is enabled. This issue involves passing an alternative PAM authentication service with a command that is sent to LocalClient, enabling the attacker to bypass the configured...

5.6CVSS4.2AI score0.00873EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2016/03/03 12:0 a.m.17 views

OpenVPN -- Buffer overflow in PAM authentication and DoS through port sharing

Samuli Seppänen reports: OpenVPN 2.3.11 ... fixes two vulnerabilities: a port-share bug with DoS potential and a buffer overflow by user supplied data when using pam authentication...

2.7AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/12/22 12:0 a.m.46 views

Scientific Linux Security Update : openssh on SL7.x x86_64 (20151119)

A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users...

8.5CVSS6.7AI score0.09302EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2015/12/15 12:0 a.m.65 views

Amazon Linux AMI : openssh (ALAS-2015-625)

A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as other users. It w...

8.5CVSS6.5AI score0.09302EPSS
Exploits1References4
Amazon
Amazon
added 2015/12/14 12:0 a.m.68 views

Medium: openssh

Issue Overview: A flaw was found in the way OpenSSH handled PAM authentication when using privilege separation. An attacker with valid credentials on the system and able to fully compromise a non-privileged pre-authentication process using a different flaw could use this flaw to authenticate as...

8.5CVSS8.3AI score0.09302EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2015/12/02 12:0 a.m.232 views

CentOS 7 : openssh (CESA-2015:2088)

Updated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

8.5CVSS6.9AI score0.09302EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2015/11/20 12:0 a.m.50 views

RedHat Update for openssh RHSA-2015:2088-06

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS6.7AI score0.09302EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2015/11/20 12:0 a.m.64 views

RHEL 7 : openssh (RHSA-2015:2088)

Updated openssh packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

8.5CVSS6.9AI score0.09302EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2015/08/19 12:0 a.m.54 views

Ubuntu 14.04 LTS : OpenSSH regression (USN-2710-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2710-2 advisory. USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default...

8.5CVSS6.5AI score0.09302EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2015/08/17 12:0 a.m.114 views

Ubuntu 14.04 LTS : OpenSSH vulnerabilities (USN-2710-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2710-1 advisory. Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the...

8.5CVSS7.2AI score0.09302EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2015/08/15 12:0 a.m.50 views

Ubuntu: Security Advisory (USN-2710-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS6.5AI score0.09302EPSS
Exploits1References2
OSV
OSV
added 2015/08/14 3:26 p.m.11 views

USN-2710-1 openssh vulnerabilities

Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. CVE number pending Moritz Jodeit...

8.5CVSS6.7AI score0.09302EPSS
Exploits1References3
Ubuntu
Ubuntu
added 2015/08/14 3:26 p.m.170 views

USN-2710-1: OpenSSH vulnerabilities

Moritz Jodeit discovered that OpenSSH incorrectly handled usernames when using PAM authentication. If an additional vulnerability were discovered in the OpenSSH unprivileged child process, this issue could allow a remote attacker to perform user impersonation. CVE number pending Moritz Jodeit...

8.5CVSS6.7AI score0.09302EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2014/06/03 2:55 p.m.2 views

CVE-2013-0191

libpam-pgsql aka pampgsql 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password...

5CVSS5.6AI score0.01758EPSS
Exploits1References11
Cent OS
Cent OS
added 2013/11/26 1:32 p.m.94 views

openssh, pam_ssh_agent_auth security update

CentOS Errata and Security Advisory CESA-2013:1591 Updated openssh packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common...

7.5CVSS6.7AI score0.1651EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.23 views

Oracle Linux 5 : Critical: / tog-pegasus (ELSA-2008-0002)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2008-0002 advisory. 2.6.1-2.el51.1.0.1 - Added pegasus-enterprise.patch to allow detection of enterprise-release 2.6.1-2.el51.1 - Fix PAM authentication buffer overflow CVE-2008-00...

10CVSS5.8AI score0.07809EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2012/09/10 12:0 a.m.30 views

Slackware: Security Advisory (SSA:2003-266-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.08575EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.19 views

Scientific Linux Security Update : tog-pegasus on SL5.x, SL4.x i386/x86_64

During a security audit, a stack-based buffer overflow flaw was found in the PAM authentication code in the OpenPegasus CIM management server. An unauthenticated remote user could trigger this flaw and potentially execute arbitrary code with root privileges. CVE-2008-0003 Users of tog-pegasus...

10CVSS6.4AI score0.07809EPSS
Exploits1References2
Rows per page
Query Builder