Lucene search

431 matches found

OSV
added 2023/07/19 12:00 a.m. | 0 views

UBUNTU-CVE-2022-2127

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manage...

CVSS 5.9 | AI score 6.8 | EPSS 0.0153
Exploits: 0 | References: 4
OSV
added 2023/07/18 2:15 p.m. | 0 views

UBUNTU-CVE-2022-26563

An issue was discovered in Tildeslash Monit before 5.31.0 that allows remote attackers to gain escalated privileges due to improper PAM-authorization...

CVSS 8.8 | AI score 7.3 | EPSS 0.00667
Exploits: 0 | References: 5
OSV
added 2023/06/16 11:39 a.m. | 1 view

USN-6156-2 sssd regression

USN-6156-1 fixed a vulnerability in SSSD. In certain environments, not all packages ended up being upgraded at the same time, resulting in authentication failures when the PAM module was being used. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It w...

AI score 5.8
Exploits: 0 | References: 2
IBM Security Bulletins
added 2023/04/26 1:15 p.m. | 10 views

Security Bulletin: CWE – 307: Inadequate Account Lockout may affect IBM CICS TX Standard

Summary: CWE-307 may affect IBM CICS TX Standard. IBM CICS TX Standard has addressed the applicable CWE. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: IBM CICS TX Standard 11.1...

AI score 7.1
Exploits: 0 | Affected Software: 1
OSV
added 2023/04/24 1:15 p.m. | 3 views

CVE-2022-48477

In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing...

CVSS 9.8 | AI score 5.8 | EPSS 0.00482
Exploits: 0 | References: 1
CNNVD
added 2023/04/24 12:00 a.m. | 4 views

JetBrains Hub code issue vulnerability

JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. A code issue vulnerability exists in versions of JetBrains Hub prior to 2023.1.15725, which stems from a lack of server request forgery protecti...

CVSS 9.8 | AI score 8.4 | EPSS 0.00482
Exploits: 0 | References: 2
SUSE CVE
added 2023/04/05 1:49 a.m. | 1 view

SUSE CVE-2023-28625

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...

CVSS 7.5 | AI score 7 | EPSS 0.01316
Exploits: 0 | References: 6
CNNVD
added 2023/03/13 12:00 a.m. | 3 views

CodeIgniter Shield security vulnerability

CodeIgniter Shield is the authentication and authorization module for CodeIgniter 4 from CodeIgniter, Inc. CodeIgniter Shield has a security vulnerability that stems from hashed passwords being easier to crack than expected...

CVSS 7.5 | AI score 6.5 | EPSS 0.00517
Exploits: 0 | References: 7
SUSE CVE
added 2023/02/15 6:20 a.m. | 2 views

SUSE CVE-2004-1001

Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled...

CVSS 4.6 | AI score 6.6 | EPSS 0.00347
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 6:09 a.m. | 1 view

SUSE CVE-2008-0003

Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server tog-pegasus, when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different...

CVSS 10 | AI score 8.6 | EPSS 0.07809
Exploits: 1 | References: 3
SUSE CVE
added 2023/02/15 4:34 a.m. | 1 view

SUSE CVE-2018-1343

PAM exposure enabling unauthenticated access to remote host...

CVSS 9.8 | AI score 9.7 | EPSS 0.01388
Exploits: 0 | References: 4
BDU FSTEC
added 2023/01/10 12:00 a.m. | 1 view

Vulnerability of the PAM module for Juniper Networks Junos OS and Juniper Networks Junos OS Evolved, allowing a hacker to trigger a service failure

The vulnerability of the PAM module in Juniper Networks’ Junos OS and Juniper Networks’ Junos OS Evolved is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 6.8 | AI score 5.9 | EPSS 0.00538
Exploits: 1 | References: 3 | Affected Software: 2
OSV
added 2022/12/14 6:15 p.m. | 0 views

DEBIAN-CVE-2022-23527

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url does not properly check fo...

CVSS 6.1 | AI score 6.3 | EPSS 0.00897
Exploits: 0 | References: 1
OSV
added 2022/12/14 5:22 p.m. | 36 views

CVE-2022-23527 Open Redirect in oidc_validate_redirect_url()

mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url does not properly check fo...

CVSS 4.7 | AI score 6.3 | EPSS 0.00897
Exploits: 0 | References: 5
CNNVD
added 2022/12/14 12:00 a.m. | 2 views

mod_auth_openidc input validation error vulnerability

mod_auth_openidc is a software application. It is an authentication/authorization module for the Apache 2.x HTTP server that is used as an OpenID Connect dependency to authenticate users against the OpenID Connect provider. An input validation error vulnerability exists in mod_auth_openidc prior to...

CVSS 6.1 | AI score 6.6 | EPSS 0.00897
Exploits: 0 | References: 6
RedHat Linux
added 2022/11/15 9:45 a.m. | 3 views

dovecot: Privilege escalation when similar master and non-master passdbs are used

A vulnerability was found in the Dovecot IMAP Server. When two passdb configuration entries exist in the Dovecot configuration, which have the same driver and args settings, the incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrect settings can lead...

CVSS 8.8 | AI score 7.3 | EPSS 0.01739
Exploits: 1 | References: 5
RedHat Linux
added 2022/11/08 10:22 a.m. | 4 views

pcs: improper authentication via PAM

A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon allowed expired accounts and accounts with expired passwords to log in when using PAM authentication. Unprivileged, expired accounts with previously denied access could still log in...

CVSS 8.8 | AI score 5.7 | EPSS 0.0184
Exploits: 1 | References: 5
BDU FSTEC
added 2022/10/10 12:00 a.m. | 1 view

The vulnerability of the pam_access.so function in the Linux-PAM authentication module allows a hacker to circumvent existing security restrictions.

The vulnerability of the pam_access.so module of the Linux-PAM authentication module is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...

CVSS 10 | AI score 7.7 | EPSS 0.01185
Exploits: 0 | References: 6 | Affected Software: 1
CNNVD
added 2022/09/23 12:00 a.m. | 2 views

Arvados authorization issue vulnerability

Arvados is an open source platform for managing and analyzing biomedical big data. An authorization issue vulnerability exists in Arvados version 2.4.2 and prior versions, which stems from the fact that when a user is authenticated using the Portable Authentication Module PAM, Arvados can still b...

CVSS 8.8 | AI score 7.8 | EPSS 0.00407
Exploits: 0 | References: 2
OSV
added 2022/08/26 4:15 p.m. | 1 view

CVE-2022-25625

A malicious unauthorized PAM user can access the administration configuration data and change the values...

CVSS 8.8 | AI score 5.8 | EPSS 0.00702
Exploits: 0 | References: 1