211 matches found
openSUSE: Security Advisory for salt (SUSE-SU-2022:2178-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
samba: out-of-bounds read in winbind AUTH_CRAP
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbinddpamauthcrap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manage...
Rocky Linux 9 : pcs (RLSA-2022:7935)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7935 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using...
SUSE-SU-2023:3066-1 Security update for samba
This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lmresplen was not checked properly in winbinddpamauthcrapsend bsc1213174. - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability bsc1213173. - CVE-2023-34967: Fix...
SUSE CVE-2003-1562
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...
SUSE CVE-2007-5360
Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUSUSEPAMSTANDALONEPROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than...
SUSE CVE-2022-21457
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...
SUSE CVE-2022-21455
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
Oracle Linux 8 : pcs (ELSA-2022-10031)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-10031 advisory. 0.10.14-5.0.1 - Replace HAM-logo.png with a generic one 0.10.14-5 - Fixed ruby socket permissions - Resolves: rhbz2116838 0.10.14-4 - Fixed enable sbd from web...
Oracle Linux 9 : pcs (ELSA-2022-10007)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-10007 advisory. 0.11.3-4 - Fixed ruby socket permissions - Resolves: rhbz2116841 0.11.3-3 - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether...
AlmaLinux 9 : pcs (ALSA-2022:7935)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7935 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using P...
Rocky Linux 8 : pcs (RLSA-2022:7447)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7447 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using...
AlmaLinux 8 : pcs (ALSA-2022:7447)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7447 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using P...
RLSA-2022:7447 Moderate: pcs security, bug fix, and enhancement update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: improper authentication via PAM CVE-2022-1049 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...
Moderate: pcs security, bug fix, and enhancement update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: improper authentication via PAM CVE-2022-1049 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...
mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
Authorization Bypass
github.com/mohammed90/caddy-ssh is vulnerable to authorization bypass. The vulnerability is due to incorrect usage of the pam authentication module, using the pamauthenticate method without using the pamacctmgmt method call afterward. In specific situations, an attacker can leverage this flaw to...
CVE-2022-39238 Improper Authentication in Arvados when using PAM as identity provider
Arvados is an open source platform for managing and analyzing biomedical big data. In versions prior to 2.4.3, when using Portable Authentication Modules PAM for user authentication, if a user presented valid credentials but the account is disabled or otherwise not allowed to access the host such...
mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022)
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...
Debian dla-3108 : pcs - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3108 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3108-1 [email protected] https://www.debian.org/lts/security/...