Lucene search
K

251 matches found

NVD
NVD
added 2022/08/04 11:15 p.m.11 views

CVE-2022-37030

Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module...

7.8CVSS0.00302EPSS
Exploits1References2
OSV
OSV
added 2022/08/04 11:15 p.m.13 views

CVE-2022-37030

Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module...

7.8CVSS7.5AI score
Exploits0References2
Cvelist
Cvelist
added 2022/08/04 10:4 p.m.19 views

CVE-2022-37030

Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module...

7.9AI score0.00302EPSS
Exploits1References2
CVE
CVE
added 2022/08/04 10:4 p.m.66 views

CVE-2022-37030

CVE-2022-37030 affects Grommunio Gromox: versions 0.5 through 1.x before 1.28. The issue is weak permissions on the PAM module’s configuration file, enabling a local unprivileged user in the gromox group to cause the PAM stack to execute arbitrary code when loading the module. Impact is local cod...

7.8CVSS7.7AI score0.00302EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/07/20 3:15 p.m.24 views

Design/Logic Flaw

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module PAM of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service DoS. It is possible that after the...

1.7CVSS5.5AI score0.00543EPSS
Exploits1References1Affected Software2
CNNVD
CNNVD
added 2022/04/21 12:0 a.m.3 views

pam_tacplus 安全漏洞

pamtacplus is a PAM module for authenticating users via TACACS + Terminal Access Controller Access Control System by the individual developer Paweł Krawczyk in the UK. A security vulnerability exists in pamtacplus before 1.4.1, which stems from the fact that pamsmacctmgmt does not zero out the ar...

9.8CVSS8.3AI score0.01187EPSS
Exploits0References3
Veracode
Veracode
added 2022/03/11 9:33 a.m.25 views

Authorization Bypass

github.com/go-gitea/gitea is vulnerable to authorization bypass. The vulnerability exists in the Auth function in pam.go due to missing checks in the pam module, allowing a malicious attacker to log in and perform unauthorized actions...

7.1CVSS4.4AI score0.00833EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/01 9:5 p.m.27 views

Denial of service via insufficient metadata validation

The PAM module for fscrypt through v0.3.2 doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from...

5.5CVSS3.1AI score0.0011EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/03/01 9:5 p.m.27 views

GHSA-P93V-M2R2-4387 Denial of service via insufficient metadata validation

The PAM module for fscrypt through v0.3.2 doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from...

5.5CVSS5.4AI score0.0011EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/02/26 12:0 a.m.33 views

User login denial of service in github.com/google/fscrypt

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...

5.5CVSS3.4AI score0.0011EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/02/26 12:0 a.m.27 views

GHSA-8VWM-8VJ8-RQJF User login denial of service in github.com/google/fscrypt

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...

5.5CVSS5.4AI score0.0011EPSS
Exploits0References4
NVD
NVD
added 2022/02/25 11:15 a.m.21 views

CVE-2022-25327

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...

5.5CVSS0.0011EPSS
Exploits0References1
OSV
OSV
added 2022/02/25 11:15 a.m.21 views

CVE-2022-25327

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...

5.5CVSS5.4AI score
Exploits0References1
Prion
Prion
added 2022/02/25 11:15 a.m.17 views

Code injection

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...

2.1CVSS5.3AI score0.0011EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/02/25 11:15 a.m.3 views

UBUNTU-CVE-2022-25327

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...

5.5CVSS5.8AI score0.0011EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2022/02/25 11:0 a.m.6 views

CVE-2022-25327 Local Denial of Service in fscrypt PAM module

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...

5.5CVSS5.3AI score0.0011EPSS
Exploits0References1
CVE
CVE
added 2022/02/25 11:0 a.m.93 views

CVE-2022-25327

CVE-2022-25327 affects the PAM module for fscrypt, where inadequate validation of fscrypt metadata files lets a local user craft malicious metadata to cause a denial of service, preventing other users from logging in. The documented remediation is to upgrade to version 0.3.3 or above. The connect...

5.5CVSS5.5AI score0.0011EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/25 11:0 a.m.24 views

CVE-2022-25327 Local Denial of Service in fscrypt PAM module

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...

5.5CVSS5.6AI score0.0011EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2022/02/25 11:0 a.m.50 views

CVE-2022-25327

The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...

5.5CVSS5.3AI score0.0011EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/02/25 12:0 a.m.4 views

PT-2022-17215 · Fscrypt +1 · Fscrypt +1

Name of the Vulnerable Software and Affected Versions: fscrypt versions prior to 0.3.3 Description: The PAM module for fscrypt does not adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a...

7.3CVSS5.7AI score0.00199EPSS
Exploits0References28
Rows per page
Query Builder