431 matches found
CVE-2025-30700
Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks...
Oracle Solaris Security Vulnerability
Oracle Solaris is a UNIX operating system from Oracle Corporation USA. A security vulnerability exists in Oracle Solaris version 11, which stems from a flaw in the Pluggable Authentication Module that could lead to data disclosure...
PT-2025-16434 · Oracle · Oracle Solaris
Name of the Vulnerable Software and Affected Versions: Oracle Solaris version 11. Description: The issue affects the Pluggable authentication module component of Oracle Solaris, allowing a low-privileged attacker with network access via HTTP to compromise the system. Successful attacks require hum...
oath-toolkit: Local root exploit in a PAM module
A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...
Huawei HarmonyOS and Huawei EMUI Security Vulnerability
Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is a full-scene distributed operating system based on a microkernel. An access control vulnerability exists in Huawei HarmonyOS and EMUI. The vulnerability stems from improper access...
Huawei EMUI and Huawei HarmonyOS Security Vulnerability
Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is a full-scene distributed operating system based on a microkernel. A security bypass vulnerability exists in Huawei HarmonyOS and EMUI. The vulnerability stems from an access contro...
CVE-2024-42533
SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter...
CVE-2024-42533
CVE-2024-42533 describes a SQL injection in the authentication module of Convivance StandVoice versions 4.5–6.2, allowing a remote attacker to execute arbitrary code via the GEST_LOGIN parameter. The issue stems from improper handling of authentication input, enabling code execution with high im...
Convivance StandVoice SQL Injection Vulnerability
Convivance StandVoice is a telephone reception platform from Convivance. A security vulnerability exists in Convivance StandVoice versions 4.5 through 6.2, which stems from a SQL injection in the authentication module and could lead to a remote attacker executing arbitrary code via the GEST_LOGIN...
USN-7363-1 pam-pkcs11 vulnerabilities
Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS11 did not properly handle certain return codes when authentication was not possible. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-24531) It was...
SUSE-SU-2025:20231-1 Security update for pam_u2f
This update for pam_u2f fixes the following issues: - CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate() (bsc#1233517)...
Odoo Access Control Error Vulnerability
Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed in Python, uses PostgreSQL as its database, and includes modules for sales management, inventory management, and financial management. An access control...
AZL-57034 CVE-2025-1390 affecting package libcap for versions less than 2.69-2
The PAM module pam_cap.so of libcap supports group names starting with “@” in its configuration; during actual parsing, however, configurations not starting with “@” are incorrectly recognized as group names. This may result in unintended users being granted an inherited capability set, potentially leading to...
SUSE CVE-2025-24031
PAM-PKCS11 is a Linux-PAM login module that allows X.509 certificate-based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, pam_get_pwd will never initialize the password...
Devolutions Server Security Vulnerability
Devolutions Server is an application from Devolutions Canada Inc. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2024.3.10.0 and earlier, which stems from an improper password reset in the PAM module that...
PT-2025-6217 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2024.3.10.0 and earlier. Description: The issue is related to improper password reset in the PAM Module, allowing an authenticated user to reuse the oracle user password after check-in due to a crash in the password...
PAM-PKCS#11 Authorization Issue Vulnerability
PAM-PKCS11 is an OpenSC open source login module. An authorization issue vulnerability exists in PAM-PKCS11 versions prior to 0.6.13, which stems from not checking private key signatures in the default configuration, allowing an attacker to create a new token and log in with the user's public dat...