431 matches found
UBUNTU-CVE-2017-6059
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request...
xrdp elevation of privilege vulnerability
xrdp is an open source Remote Desktop Protocol (RDP) server developed by software developer Jay Sorg. An elevation of privilege vulnerability exists in xrdp version 0.9.1, which stems from a failure to properly initialize the PAM session module. An attacker can exploit this vulnerability to cause a...
DEBIAN-CVE-2017-6967
xrdp 0.9.1 calls the PAM function auth_start_session in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass...
Cloud Foundry Elevation of Privilege Vulnerability
Cloud Foundry is an open source cloud computing platform. UAA is a user authentication module, a Java Spring project. An elevation of privilege vulnerability exists in Cloud Foundry UAA. An attacker could exploit this vulnerability to gain elevated privileges in an affected application and take full...
Buffer overflow
Buffer overflow in the Authentication, Authorization and Accounting (AAA) module in Huawei USG2100, USG2200, USG5100, and USG5500 unified security gateways with software before V300R001C10SPC600 allows remote authenticated RADIUS servers to execute arbitrary code by sending a crafted EAP packet...
UBUNTU-CVE-2015-6564
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging control of the sshd uid to send an unexpectedly early MONITOR_REQ_PAM_FREE_CTX request...
USN-2710-2 openssh regression
USN-2710-1 fixed vulnerabilities in OpenSSH. The upstream fix for CVE-2015-5600 caused a regression resulting in random authentication failures in non-default configurations. This update fixes the problem. Original advisory details: Moritz Jodeit discovered that OpenSSH incorrectly handled...
Drupal Shibboleth authentication module cross-site scripting vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community. Shibboleth Authentication is an authentication module that handles user login and access. A cross-site scripting vulnerability exists in the Drupal Shibboleth authentication...
Vulnerabilities in the openSUSE operating system that allow an attacker to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities in the pam package of the openSUSE operating system; exploiting these vulnerabilities can lead to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally...
Vulnerabilities in the Debian GNU/Linux operating system that allow a local attacker to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities in the pam package of the Debian GNU/Linux operating system; exploiting these vulnerabilities can lead to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by local attackers...
DEBIAN-CVE-2014-2830
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors...
TIBCO Spotfire Server Authentication Module Unspecified Remote Code Execution
The remote host is running a version of TIBCO Spotfire Server that is affected by a remote code execution vulnerability due to an unspecified flaw in the Authentication Module. A remote attacker can exploit this vulnerability to execute arbitrary code on the remote host, subject to the privileges ...
TIBCO Spotfire Analytics Server Authentication Module Unspecified Information Disclosure
The remote host is running a version of TIBCO Spotfire Analytics Server that is affected by an information disclosure vulnerability due to an unspecified flaw in the Authentication Module. A remote attacker can exploit this vulnerability to access sensitive information by sending a specially...
TIBCO Spotfire Server Authentication Module Unspecified Privilege Escalation
The remote host is running a version of TIBCO Spotfire Server that is affected by a privilege escalation vulnerability due to an unspecified flaw in the Authentication Module. A remote attacker can exploit this vulnerability to access sensitive information and modify data.
Authentication flaw
Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors...
CVE-2014-5285
CVE-2014-5285 affects the Authentication Module of TIBCO Spotfire Server prior to specific versions: 4.5.2, 5.0.x prior to 5.0.3, 5.5.x prior to 5.5.2, 6.0.x prior to 6.0.3, and 6.5.x prior to 6.5.1. The issue is described as an unspecified flaw in the Authentication Module that enables remote at...
CVE-2014-2544
Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x befor...
PAM S/Key: Information disclosure
Background: PAM S/Key is a pluggable authentication module for the OpenBSD Single-key Password system. Description: Ulrich Müller reported that a Gentoo patch to PAM S/Key does not remove credentials provided by the user from memory. Impact: A local attacker with privileged access could inspect a...
DEBIAN-CVE-2012-6140
pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions and discover a shared secret via standard filesystem operations, a different vulnerability than...
CVE-2012-4494
The CVE-2012-4494 issue affects the Drupal Shibboleth authentication module (7.x-4.0). The vulnerability arises because the module does not properly verify the active status of users, allowing remote blocked users to bypass intended access restrictions by logging in. This is supported by multiple...