Lucene search
K

211 matches found

OpenVAS
OpenVAS
added 2024/03/04 12:0 a.m.20 views

openSUSE: Security Advisory for salt (SUSE-SU-2022:2178-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.01878EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/01/30 1:27 p.m.1 views

samba: out-of-bounds read in winbind AUTH_CRAP

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbinddpamauthcrap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manage...

5.9CVSS6.7AI score0.0153EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.23 views

Rocky Linux 9 : pcs (RLSA-2022:7935)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7935 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using...

8.8CVSS7.3AI score0.01825EPSS
Exploits1References27
OSV
OSV
added 2023/07/31 1:9 p.m.9 views

SUSE-SU-2023:3066-1 Security update for samba

This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lmresplen was not checked properly in winbinddpamauthcrapsend bsc1213174. - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability bsc1213173. - CVE-2023-34967: Fix...

7.5CVSS6.3AI score0.62606EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.6 views

SUSE CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...

7.6CVSS8.5AI score0.05573EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.4 views

SUSE CVE-2007-5360

Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUSUSEPAMSTANDALONEPROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to PAM authentication, a different vulnerability than...

7.5CVSS8.4AI score0.15327EPSS
Exploits3References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.4 views

SUSE CVE-2022-21457

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

5.9CVSS5.7AI score0.02092EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.1 views

SUSE CVE-2022-21455

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9CVSS5.4AI score0.00866EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/11/29 12:0 a.m.29 views

Oracle Linux 8 : pcs (ELSA-2022-10031)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-10031 advisory. 0.10.14-5.0.1 - Replace HAM-logo.png with a generic one 0.10.14-5 - Fixed ruby socket permissions - Resolves: rhbz2116838 0.10.14-4 - Fixed enable sbd from web...

8.8CVSS7.5AI score0.01825EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/11/22 12:0 a.m.26 views

Oracle Linux 9 : pcs (ELSA-2022-10007)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-10007 advisory. 0.11.3-4 - Fixed ruby socket permissions - Resolves: rhbz2116841 0.11.3-3 - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether...

8.8CVSS7.5AI score0.01825EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/11/19 12:0 a.m.26 views

AlmaLinux 9 : pcs (ALSA-2022:7935)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7935 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using P...

8.8CVSS7.3AI score0.01825EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/11/17 12:0 a.m.16 views

Rocky Linux 8 : pcs (RLSA-2022:7447)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7447 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using...

8.8CVSS7.3AI score0.01825EPSS
Exploits1References17
Tenable Nessus
Tenable Nessus
added 2022/11/14 12:0 a.m.28 views

AlmaLinux 8 : pcs (ALSA-2022:7447)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7447 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using P...

8.8CVSS7.3AI score0.01825EPSS
Exploits1References2
OSV
OSV
added 2022/11/08 6:19 a.m.21 views

RLSA-2022:7447 Moderate: pcs security, bug fix, and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: improper authentication via PAM CVE-2022-1049 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

6.3CVSS8.7AI score0.01825EPSS
Exploits1References16
AlmaLinux
AlmaLinux
added 2022/11/08 12:0 a.m.23 views

Moderate: pcs security, bug fix, and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: improper authentication via PAM CVE-2022-1049 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

8.8CVSS1.6AI score0.01825EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2022/10/25 9:10 a.m.9 views

mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...

4.9CVSS7.3AI score0.00866EPSS
Exploits0References4
Veracode
Veracode
added 2022/09/27 10:33 p.m.11 views

Authorization Bypass

github.com/mohammed90/caddy-ssh is vulnerable to authorization bypass. The vulnerability is due to incorrect usage of the pam authentication module, using the pamauthenticate method without using the pamacctmgmt method call afterward. In specific situations, an attacker can leverage this flaw to...

3.2AI score
Exploits0
Vulnrichment
Vulnrichment
added 2022/09/23 8:5 a.m.7 views

CVE-2022-39238 Improper Authentication in Arvados when using PAM as identity provider

Arvados is an open source platform for managing and analyzing biomedical big data. In versions prior to 2.4.3, when using Portable Authentication Modules PAM for user authentication, if a user presented valid credentials but the account is disabled or otherwise not allowed to access the host such...

4.2CVSS8.7AI score0.00418EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/09/20 1:42 p.m.9 views

mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server...

5.9CVSS7.3AI score0.02092EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/09/16 12:0 a.m.32 views

Debian dla-3108 : pcs - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3108 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3108-1 [email protected] https://www.debian.org/lts/security/...

8.8CVSS7.3AI score0.01825EPSS
Exploits1References4
Rows per page
Query Builder