Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.4 views

Ubuntu 14.04 LTS : Salt vulnerabilities (USN-8153-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8153-1 advisory. Zach Malone discovered that Salt did not properly handle permissions to cache data. A local attacker could possibly use this issue to obtain sensitive...

5.6CVSS5.9AI score0.00873EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:9 a.m.2 views

SUSE CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...

7CVSS8AI score0.63917EPSS
Exploits10References18
OSV
OSV
added 2019/10/17 6:15 p.m.2 views

ALPINE-CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...

8.8CVSS6.8AI score0.63917EPSS
Exploits10References1
Prion
Prion
added 2017/03/17 9:59 a.m.20 views

Design/Logic Flaw

xrdp 0.9.1 calls the PAM function authstartsession in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pamlimits.so bypass...

7.5CVSS7AI score0.01177EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2013/10/09 12:0 a.m.52 views

RSA Authentication Agent for PAM protection bypass

Login attepts are not limited...

5CVSS4AI score0.01265EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2006/12/21 7:28 p.m.15 views

CVE-2006-6683

Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM...

7.8CVSS6.9AI score0.0132EPSS
Exploits0References2
Rows per page
Query Builder