354 matches found
PT-2025-6217 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2024.3.10.0 and earlier Description: The issue is related to improper password reset in the PAM Module, allowing an authenticated user to reuse the oracle user password after check-in due to a crash in the password...
PAM-PKCS#11 授权问题漏洞
PAM-PKCS11 is an OpenSC open source login module. An authorization issue vulnerability exists in PAM-PKCS11 versions prior to 0.6.13, which stems from not checking private key signatures in the default configuration, allowing an attacker to create a new token and log in with the user's public dat...
PAM-PKCS#11 代码问题漏洞
PAM-PKCS11 is an OpenSC open source login module. A code issue vulnerability exists in PAM-PKCS11 0.6.12 and earlier versions, which stems from an incorrect handling of a user's canceled PIN entry operation, resulting in a segmentation error that could cause a daemon using PAM to crash...
PT-2025-5378 · Pam · Pam
Name of the Vulnerable Software and Affected Versions: PAM affected versions not specified Description: A specific authentication strategy allows learning the ids of PAM users associated with certain authentication types. Recommendations: At the moment, there is no information about a newer versi...
Security update for pam_u2f
This update for pamu2f fixes the following issues: CVE-2025-23013: Fixed problematic PAMIGNORE return values in pamsmauthenticate bsc1233517 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you ca...
UBUNTU-CVE-2025-23013
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue...
[SECURITY] Fedora 41 Update: pam-1.6.1-7.fc41
PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...
Important: Red Hat Security Advisory: pam:1.5.1 security update
An update for the pam:1.5.1 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: pam security update
An update for pam is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
Important: pam:1.5.1 security update
Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: pam: Improper Hostname Interpretation in pamaccess Leads to Access Control Bypass CVE-2024-10963 For more details about the...
pam: libpam: Libpam vulnerable to read hashed password
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
PT-2025-5896
Name of the Vulnerable Software and Affected Versions pam pkcs11 affected versions not specified Description The issue is related to errors in the authentication process of the PAM-PKCS11 module in Linux operating systems, specifically concerning the pam sm authenticate function. This could...
AZL-51729 CVE-2024-10041 affecting package pam for versions less than 1.5.3-4
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
DEBIAN-CVE-2024-10041
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
UBUNTU-CVE-2024-10041
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
OATH Toolkit 安全漏洞
OATH Toolkit is an open source toolkit from deepin. A security vulnerability exists in OATH Toolkit versions 2.6.7 through 2.6.11, which stems from a PAM module that allows a malicious user to compromise the environment when placing an OTP status file in a user's home directory...
GHSA-34QG-65M4-F23M Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>
Summary In Froxlor 2.1.9 and in the HEADs of the main, v2.2 and v2.1 branches , the XML templates in lib/configfiles/ set chmod 644 for /etc/pure-ftpd/db/mysql.conf, although that file contains . At least on Debian 12, all parent directories of /etc/pure-ftpd/db/mysql.conf are world readable by...
SUSE CVE-1999-0342
Linux PAM modules allow local users to gain root access using temporary files...
AZL-48322 CVE-2024-21165 affecting package mysql for versions less than 8.0.40-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...
UBUNTU-CVE-2024-21165
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 8.0.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successfu...