251 matches found
CVE-2022-37030
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module...
CVE-2022-37030
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module...
CVE-2022-37030
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module...
CVE-2022-37030
CVE-2022-37030 affects Grommunio Gromox: versions 0.5 through 1.x before 1.28. The issue is weak permissions on the PAM module’s configuration file, enabling a local unprivileged user in the gromox group to cause the PAM stack to execute arbitrary code when loading the module. Impact is local cod...
Design/Logic Flaw
A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in plugable authentication module PAM of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service DoS. It is possible that after the...
pam_tacplus 安全漏洞
pamtacplus is a PAM module for authenticating users via TACACS + Terminal Access Controller Access Control System by the individual developer Paweł Krawczyk in the UK. A security vulnerability exists in pamtacplus before 1.4.1, which stems from the fact that pamsmacctmgmt does not zero out the ar...
Authorization Bypass
github.com/go-gitea/gitea is vulnerable to authorization bypass. The vulnerability exists in the Auth function in pam.go due to missing checks in the pam module, allowing a malicious attacker to log in and perform unauthorized actions...
Denial of service via insufficient metadata validation
The PAM module for fscrypt through v0.3.2 doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from...
GHSA-P93V-M2R2-4387 Denial of service via insufficient metadata validation
The PAM module for fscrypt through v0.3.2 doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from...
User login denial of service in github.com/google/fscrypt
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...
GHSA-8VWM-8VJ8-RQJF User login denial of service in github.com/google/fscrypt
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...
CVE-2022-25327
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...
CVE-2022-25327
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...
Code injection
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...
UBUNTU-CVE-2022-25327
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...
CVE-2022-25327 Local Denial of Service in fscrypt PAM module
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...
CVE-2022-25327
CVE-2022-25327 affects the PAM module for fscrypt, where inadequate validation of fscrypt metadata files lets a local user craft malicious metadata to cause a denial of service, preventing other users from logging in. The documented remediation is to upgrade to version 0.3.3 or above. The connect...
CVE-2022-25327 Local Denial of Service in fscrypt PAM module
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...
CVE-2022-25327
The PAM module for fscrypt doesn't adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a denial of service by creating a fscrypt metadata file that prevents other users from logging into the...
PT-2022-17215 · Fscrypt +1 · Fscrypt +1
Name of the Vulnerable Software and Affected Versions: fscrypt versions prior to 0.3.3 Description: The PAM module for fscrypt does not adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a...