
431 matches found

ATTACKERKB
added 2022/08/26 4:15 p.m. · 1 views

CVE-2022-25625

A malicious unauthorized PAM user can access the administration configuration data and change the values...

8.8 CVSS · 5.3 AI score · 0.00702 EPSS
Exploits 0 · References 2
CNNVD
added 2022/08/06 12:0 a.m. · 2 views

Exim security vulnerability

Exim is an open source mail transfer agent (MTA) running on Unix systems that routes, forwards and delivers mail. A security vulnerability exists in Exim versions prior to 4.96, which stems from an invalid free in pam_converse in auths/call_pam.c. The vulnerability is caused by the use of an invalid free...

7.5 CVSS · 7.4 AI score · 0.02551 EPSS
Exploits 2 · References 12
Positive Technologies
added 2022/08/04 12:0 a.m. · 3 views

PT-2022-23764 · Grommunio · Gromox

Name of the Vulnerable Software and Affected Versions: Grommunio Gromox versions 0.5 through 1.x before 1.28 Description: The issue is related to weak permissions on the configuration file in the PAM module, allowing a local unprivileged user in the gromox group to execute arbitrary code upon...

7.8 CVSS · 7.7 AI score · 0.00302 EPSS
Exploits 1 · References 5
BDU FSTEC
added 2022/07/22 12:0 a.m. · 2 views

The vulnerability of the microprogramming software in the integrated facial authentication module of Intel RealSense ID Solution F450 allows an intruder to disclose protected information.

The vulnerability of the microprogramming software in the integrated facial authentication module of Intel RealSense ID Solution F450 is related to initialization errors. Exploiting this vulnerability can allow attackers to disclose protected information...

4.9 CVSS · 6 AI score · 0.00303 EPSS
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2022/07/19 12:0 a.m. · 1 views

Oracle MySQL input validation error vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and an input validation error vulnerability exists in Oracle MySQL 8.0.28 and earlier versions, which originates in the PAM Auth component of MySQL...

4.9 CVSS · 5.2 AI score · 0.00849 EPSS
Exploits 0 · References 7
ATTACKERKB
added 2022/07/13 4:0 p.m. · 3 views

CVE-2022-22215

A Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in the pluggable authentication module (PAM) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). It is possible that after the...

6.5 CVSS · 5.9 AI score · 0.00538 EPSS
Exploits 1 · References 2 · Affected Software 2
BDU FSTEC
added 2022/06/24 12:0 a.m. · 2 views

The vulnerability of the PAM auth function in the configuration management system and the remote execution of Salt operations allows a perpetrator to execute any commands they want.

The vulnerability of the PAM auth function in configuration management and remote execution of Salt operations is related to the absence of effective blocking for “locked accounts”. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...

7.5 CVSS · 8.2 AI score · 0.01561 EPSS
Exploits 0 · References 7 · Affected Software 9
OSV
added 2022/06/23 5:15 p.m. · 2 views

UBUNTU-CVE-2022-22967

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands when their account is locked. This affects both local shell accounts with an...

8.8 CVSS · 7.3 AI score · 0.01561 EPSS
Exploits 0 · References 3
CNNVD
added 2022/06/23 12:0 a.m. · 2 views

OpenAM security vulnerability

OpenAM Open Source Edition is an open source single sign-on framework. The product achieves transparent single sign-on (e.g., centralized, distributed single sign-on) in a network architecture by providing a core identity service (Core Server). A security vulnerability exists in OpenAM that stems fro...

5.3 CVSS · 5.7 AI score · 0.02585 EPSS
Exploits 1 · References 4
CNNVD
added 2022/05/11 12:0 a.m. · 2 views

Intel BIOS firmware security vulnerability

Intel BIOS firmware is a set of programs from the U.S. company Intel that are solidified onto a ROM chip on the motherboard inside a computer. A security vulnerability exists in Intel BIOS firmware, which arises from improper access control in the BIOS authentication code module and can be...

7.8 CVSS · 7.5 AI score · 0.0025 EPSS
Exploits 0 · References 7
RedHat Linux
added 2022/05/10 1:36 p.m. · 3 views

mod_auth_openidc: open redirect in oidc_validate_redirect_url()

A flaw was found in mod_auth_openidc where it does not sanitize redirection URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest...

6.1 CVSS · 7.2 AI score · 0.02345 EPSS
Exploits 1 · References 5
OSV
added 2022/04/13 3:15 p.m. · 2 views

CVE-2021-46167

An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS)...

7.8 CVSS · 7.1 AI score
Exploits 0 · References 4
NVD
added 2022/04/13 3:15 p.m. · 8 views

CVE-2021-46167

An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS)...

7.8 CVSS · 0.00436 EPSS
Exploits 1 · References 4
ATTACKERKB
added 2022/04/13 3:15 p.m. · 3 views

CVE-2021-46167

An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS)...

7.8 CVSS · 7.2 AI score · 0.00436 EPSS
Exploits 1 · References 5
Cvelist
added 2022/04/13 2:29 p.m. · 13 views

CVE-2021-46167

An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS)...

7.8 AI score · 0.00436 EPSS
Exploits 1 · References 4
Positive Technologies
added 2022/04/13 12:0 a.m. · 2 views

PT-2022-12599 · Unknown · Wizplat Pd065

Name of the Vulnerable Software and Affected Versions: wizplat PD065 version 1.19 Description: An access control issue in the authentication module allows attackers to access sensitive data and cause a Denial of Service (DoS). Recommendations: For wizplat PD065 version 1.19, consider temporarily...

7.8 CVSS · 7.6 AI score · 0.00436 EPSS
Exploits 1 · References 6
BDU FSTEC
added 2022/04/05 12:0 a.m. · 2 views

The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, allows a perpetrator to compromise data integrity.

The vulnerability of the authentication and authorization module for the Apache 2.x HTTP server, Mod_auth_openidc, is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to compromise the integrity of data...

6.1 CVSS · 6.6 AI score · 0.0151 EPSS
Exploits 0 · References 6 · Affected Software 2
OSV
added 2022/03/25 7:15 p.m. · 1 views

DEBIAN-CVE-2022-1049

A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in...

8.8 CVSS · 7.4 AI score · 0.0184 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2022/03/25 7:15 p.m. · 5 views

CVE-2022-1049

A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in...

8.8 CVSS · 7.2 AI score · 0.0184 EPSS
Exploits 1 · References 9
OSV
added 2022/03/25 7:15 p.m. · 0 views

UBUNTU-CVE-2022-1049

A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in...

8.8 CVSS · 7.1 AI score · 0.0184 EPSS
Exploits 1 · References 4