Lucene search
K

354 matches found

Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.7 views

PT-2025-6217 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2024.3.10.0 and earlier Description: The issue is related to improper password reset in the PAM Module, allowing an authenticated user to reuse the oracle user password after check-in due to a crash in the password...

5.4CVSS7AI score0.00323EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.4 views

PAM-PKCS#11 授权问题漏洞

PAM-PKCS11 is an OpenSC open source login module. An authorization issue vulnerability exists in PAM-PKCS11 versions prior to 0.6.13, which stems from not checking private key signatures in the default configuration, allowing an attacker to create a new token and log in with the user's public dat...

9.2CVSS7.6AI score0.00677EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/02/10 12:0 a.m.5 views

PAM-PKCS#11 代码问题漏洞

PAM-PKCS11 is an OpenSC open source login module. A code issue vulnerability exists in PAM-PKCS11 0.6.12 and earlier versions, which stems from an incorrect handling of a user's canceled PIN entry operation, resulting in a segmentation error that could cause a daemon using PAM to crash...

5.1CVSS4.5AI score0.00139EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.6 views

PT-2025-5378 · Pam · Pam

Name of the Vulnerable Software and Affected Versions: PAM affected versions not specified Description: A specific authentication strategy allows learning the ids of PAM users associated with certain authentication types. Recommendations: At the moment, there is no information about a newer versi...

5.3CVSS7.2AI score0.0024EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2025/01/20 9:4 a.m.2 views

Security update for pam_u2f

This update for pamu2f fixes the following issues: CVE-2025-23013: Fixed problematic PAMIGNORE return values in pamsmauthenticate bsc1233517 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...

7.8CVSS7.3AI score0.00397EPSS
Exploits0References4
OSV
OSV
added 2025/01/15 4:15 a.m.2 views

UBUNTU-CVE-2025-23013

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue...

7.3CVSS5.8AI score0.00397EPSS
Exploits0References6
Fedora
Fedora
added 2024/11/29 3:30 a.m.18 views

[SECURITY] Fedora 41 Update: pam-1.6.1-7.fc41

PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...

7.4CVSS7.1AI score0.00798EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/11/25 7:26 p.m.33 views

Important: Red Hat Security Advisory: pam:1.5.1 security update

An update for the pam:1.5.1 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.4CVSS6.8AI score0.00798EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/11/25 3:29 p.m.234 views

Important: Red Hat Security Advisory: pam security update

An update for pam is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

7.4CVSS6.8AI score0.00798EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2024/11/25 12:0 a.m.23 views

Important: pam:1.5.1 security update

Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: pam: Improper Hostname Interpretation in pamaccess Leads to Access Control Bypass CVE-2024-10963 For more details about the...

7.4CVSS7.6AI score0.00798EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/11/19 4:46 a.m.6 views

pam: libpam: Libpam vulnerable to read hashed password

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

4.7CVSS7.4AI score0.00265EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/06 12:0 a.m.2 views

PT-2025-5896

Name of the Vulnerable Software and Affected Versions pam pkcs11 affected versions not specified Description The issue is related to errors in the authentication process of the PAM-PKCS11 module in Linux operating systems, specifically concerning the pam sm authenticate function. This could...

9.7CVSS8AI score0.00677EPSS
Exploits0References28
OSV
OSV
added 2024/10/23 2:15 p.m.5 views

AZL-51729 CVE-2024-10041 affecting package pam for versions less than 1.5.3-4

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

4.7CVSS7AI score0.00265EPSS
Exploits0References1
OSV
OSV
added 2024/10/23 2:15 p.m.1 views

DEBIAN-CVE-2024-10041

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

4.7CVSS6.2AI score0.00265EPSS
Exploits0References1
OSV
OSV
added 2024/10/23 2:15 p.m.2 views

UBUNTU-CVE-2024-10041

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

4.7CVSS6.9AI score0.00265EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/10/04 12:0 a.m.5 views

OATH Toolkit 安全漏洞

OATH Toolkit is an open source toolkit from deepin. A security vulnerability exists in OATH Toolkit versions 2.6.7 through 2.6.11, which stems from a PAM module that allows a malicious user to compromise the environment when placing an OTP status file in a user's home directory...

7.1CVSS6.7AI score0.00341EPSS
Exploits0References10
OSV
OSV
added 2024/08/23 6:54 p.m.12 views

GHSA-34QG-65M4-F23M Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>

Summary In Froxlor 2.1.9 and in the HEADs of the main, v2.2 and v2.1 branches , the XML templates in lib/configfiles/ set chmod 644 for /etc/pure-ftpd/db/mysql.conf, although that file contains . At least on Debian 12, all parent directories of /etc/pure-ftpd/db/mysql.conf are world readable by...

8.4CVSS7.4AI score
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/08/06 4:49 a.m.5 views

SUSE CVE-1999-0342

Linux PAM modules allow local users to gain root access using temporary files...

6.2CVSS7AI score0.00329EPSS
Exploits0References2
OSV
OSV
added 2024/07/16 11:15 p.m.6 views

AZL-48322 CVE-2024-21165 affecting package mysql for versions less than 8.0.40-1

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS6.5AI score0.00904EPSS
Exploits0References1
OSV
OSV
added 2024/07/16 11:15 p.m.2 views

UBUNTU-CVE-2024-21165

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...

4.9CVSS7.2AI score0.00904EPSS
Exploits0References4
Rows per page
Query Builder