Lucene search

431 matches found

Positive Technologies
added 2025/02/10 12:0 a.m. · 2 views

PT-2025-6067 · Unknown +2 · Pam Pkcs11 +2

Name of the Vulnerable Software and Affected Versions: PAM-PKCS11 versions 0.6.12 and prior Description: The issue affects a Linux-PAM login module that allows X.509 certificate-based user login. When a user presses ctrl-c/ctrl-d while being asked for a PIN, the pam_pkcs11 module segfaults...

CVSS 9.2 · AI score 8.1 · EPSS 0.00677
Exploits 0 · References 35
Positive Technologies
added 2025/01/30 12:0 a.m. · 3 views

PT-2025-5378 · Pam · Pam

Name of the Vulnerable Software and Affected Versions: PAM affected versions not specified Description: A specific authentication strategy allows learning the ids of PAM users associated with certain authentication types. Recommendations: At the moment, there is no information about a newer versi...

CVSS 5.3 · AI score 7.2 · EPSS 0.00238
Exploits 0 · References 8
SUSE Linux
added 2025/01/21 12:50 p.m. · 1 views

Security update for pam_u2f

This update for pam_u2f fixes the following issues: CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate (bsc#1233517) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you ca...

CVSS 7.8 · AI score 9.6 · EPSS 0.00397
Exploits 0 · References 6
SUSE Linux
added 2025/01/20 9:4 a.m. · 1 views

Security update for pam_u2f

This update for pam_u2f fixes the following issues: CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate (bsc#1233517) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you ca...

CVSS 7.8 · AI score 7.3 · EPSS 0.00397
Exploits 0 · References 4
CNVD
added 2025/01/13 12:0 a.m. · 6 views

Huawei HarmonyOS Authentication Module Access Control Vulnerability

Huawei HarmonyOS is a new-generation intelligent terminal operating system that provides a unified language for the intelligence, interconnection and collaboration of different devices, and brings simple, smooth, continuous, safe and reliable interaction experience in the whole scene. An access...

CVSS 7.5 · AI score 6.7 · EPSS 0.00142
Exploits 0 · References 1
CNNVD
added 2025/01/08 12:0 a.m. · 2 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is a new-generation intelligent terminal operating system that provides a unified language for the intelligence, interconnection and collaboration of different devices, and brings simple, smooth, continuous, safe and reliable interaction experience in the whole scene. An access...

CVSS 7.5 · AI score 6.5 · EPSS 0.00142
Exploits 0 · References 2
RedHat Linux
added 2024/12/17 8:25 p.m. · 5 views

pam: libpam: Libpam vulnerable to read hashed password

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

CVSS 4.7 · AI score 7.4 · EPSS 0.00265
Exploits 0 · References 4
RedHat Linux
added 2024/11/25 7:26 p.m. · 0 views

pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...

CVSS 7.4 · AI score 6.8 · EPSS 0.00798
Exploits 0 · References 6
Positive Technologies
added 2024/11/06 12:0 a.m. · 2 views

PT-2025-5896

Name of the Vulnerable Software and Affected Versions: pam_pkcs11 affected versions not specified Description: The issue is related to errors in the authentication process of the PAM-PKCS11 module in Linux operating systems, specifically concerning the pam_sm_authenticate function. This could...

CVSS 9.7 · AI score 8 · EPSS 0.00677
Exploits 0 · References 28
CNNVD
added 2024/10/04 12:0 a.m. · 4 views

OATH Toolkit Security Vulnerability

OATH Toolkit is an open source toolkit from deepin. A security vulnerability exists in OATH Toolkit versions 2.6.7 through 2.6.11, which stems from a PAM module that allows a malicious user to compromise the environment when placing an OTP status file in a user's home directory...

CVSS 7.1 · AI score 6.7 · EPSS 0.00341
Exploits 0 · References 10
Positive Technologies
added 2024/10/02 12:0 a.m. · 3 views

PT-2025-2098 · Drupal · Drupal Facets

Name of the Vulnerable Software and Affected Versions: Drupal Facets versions 0.0.0 through 2.0.9 Description: The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting (XSS). This can be exploited by a remote attacker to hijack a user's...

CVSS 10 · AI score 7 · EPSS 0.00224
Exploits 0 · References 5
OSV
added 2024/09/03 10:15 a.m. · 3 views

CVE-2024-45586

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1_P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...

CVSS 8.8 · AI score 5.8 · EPSS 0.00432
Exploits 0 · References 1
NVD
added 2024/09/03 10:15 a.m. · 12 views

CVE-2024-45586

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1_P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...

CVSS 9.2 · EPSS 0.00432
Exploits 0 · References 1
Cvelist
added 2024/09/03 10:2 a.m. · 17 views

CVE-2024-45586 Account Take Over Vulnerability

This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms version 2.0.0.1_P160. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which coul...

CVSS 9.2 · EPSS 0.00432
Exploits 0 · References 1
CVE
added 2024/09/03 10:2 a.m. · 72 views

CVE-2024-45586

CVE-2024-45586 affects Symphony XTS Web Trading and Mobile Trading platforms, version 2.0.0.1_P160. The root cause is improper access controls in the Authentication module’s APIs. An authenticated, remote attacker can manipulate HTTP request parameters to perform an unauthorized account takeover ...

CVSS 9.2 · AI score 8.6 · EPSS 0.00432
Exploits 0 · References 1 · Affected Software 2
CNNVD
added 2024/09/03 12:0 a.m. · 3 views

Symphony XTS Web Trader and Symphony XTS Mobile Trader Security Vulnerability

Symphony XTS Web Trader and Symphony XTS Mobile Trader are both products of Symphony, Inc. Symphony XTS Web Trader is an advanced HTML5-based trading platform. Symphony XTS Mobile Trader is a native application for trading on iOS...

CVSS 9.2 · AI score 6.6 · EPSS 0.00432
Exploits 0 · References 2
BDU FSTEC
added 2024/07/22 12:0 a.m. · 2 views

The vulnerability of the PAM system for JumpServer is related to incorrect restrictions on the path name to the restricted directory. This allows an intruder to gain unauthorized access to read any files in the Celery container.

The vulnerability of the PAM system for privileged access control in JumpServer is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized read access to arbitrary files i...

CVSS 7.7 · AI score 8.1 · EPSS 0.00861
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/07/15 12:0 a.m. · 3 views

PT-2024-27009 · Pam · Pam

Name of the Vulnerable Software and Affected Versions: PAM system affected versions not specified Description: An improper input validation in the PAM system allows an unauthenticated attacker to achieve remote command execution by sending a specially crafted HTTP request. Recommendations: At the...

CVSS 9.4 · AI score 7.4 · EPSS 0.00475
Exploits 0 · References 4
OSV
added 2024/06/19 11:36 a.m. · 6 views

CLSA-2024-1718796961 pam: Fix of CVE-2024-22365

CVE-2024-22365: use O_DIRECTORY to prevent local DoS situations...

CVSS 5.5 · AI score 6.6 · EPSS 0.00459
Exploits 1 · References 1
Patchstack
added 2024/05/29 12:0 a.m. · 2 views

Drupal Drupal REST & JSON API Authentication module < 2.0.13 - Authenticated Broken Access Control vulnerability

Authenticated Broken Access Control vulnerability discovered by Arek Suchecki in WordPress Module Drupal REST & JSON API Authentication versions 2.0.13...

AI score 7
Exploits 0 · References 1 · Affected Software 1