431 matches found
Security update for apparmor
This update for apparmor fixes the following issues: Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) Patch Instructions: To install this SUSE update use the SUSE...
mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data
A flaw was found in mod_auth_openidc, an OpenID Connect authentication module for Apache HTTP Server. This vulnerability allows unauthenticated users to access protected content via crafted HTTP POST requests to protected resources when no application-level gateway is present...
CVE-2025-46590
Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions...
Ensure That Old Passwords Are Verified When Users Change Them
To prevent a third party from maliciously changing the password of another user, the old password must be verified when a user changes the password. According to the common practice in the industry, the old password does not need to be verified when the root user changes its own password. The roo...
CVE-2025-46590
CVE-2025-46590 describes a bypass vulnerability in Huawei HarmonyOS's network search instruction authentication module. The issue allows an attacker to bypass authentication and gain access to some network search functions. Connected documents consistently attribute the flaw to the web search com...
PT-2025-19977 · Huawei · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns a bypass vulnerability in the network search instruction authentication module. Successful exploitation of this vulnerability can bypass authentication and enable access t...
The vulnerability of the Linux-PAM authentication module, related to the insecure storage of confidential information, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Linux-PAM authentication module is related to the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
oath-toolkit: Local root exploit in a PAM module
A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...
RHSA-2025:3997 Red Hat Security Advisory: mod_auth_openidc:2.3 security update
Bulletin has no description...
RHEL 9 : mod_auth_openidc (RHSA-2025:3945)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:3945 advisory. The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connec...
CVE-2025-30700
Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks...
Huawei HarmonyOS and EMUI Access Control Vulnerability (CNVD-2025-10517)
Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. An access control vulnerability exists in Huawei HarmonyOS and EMUI. The vulnerability stems from improper access...
Huawei HarmonyOS and EMUI Access Control Vulnerability (CNVD-2025-10515)
Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. An access control vulnerability exists in Huawei HarmonyOS and EMUI. The vulnerability stems from improper access...
Huawei HarmonyOS and EMUI Access Control Vulnerability
Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system. Provides a full-scene distributed operating system based on a microkernel. An access control vulnerability exists in Huawei HarmonyOS and EMUI. The vulnerability stems from improper access...
Oracle Solaris Critical Patch Update : apr2025_SRU11_4_78_189_2
The version of Solaris installed on the remote host is prior to 11.4.78.189.2. It is, therefore, affected by multiple vulnerabilities as referenced in the solaris11apr2025SRU114781892 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported...
Debian dla-4129 : libapache2-mod-auth-openidc - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4129 advisory. Debian LTS Advisory DLA-4129-1 https://www.debian.org/lts/security/...