103 matches found
EUVD-2026-29059
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from before 1.43.7, 1.44.4, 1.45.2...
CVE-2026-34087
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation OATHAuth. This issue affects OATHAuth: from before 1.43.7, 1.44.4, 1.45.2...
FBI Agent’s Sworn Testimony Contradicts Claims ICE’s Jonathan Ross Made Under Oath
The testimony also calls into question whether Ross failed to follow his training during the incident in which he reportedly shot and killed Minnesota citizen Renee Good...
EUVD-2013-7098
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2024-47191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandle...
Linux Distros Unpatched Vulnerability : CVE-2020-13300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow...
Security Bulletin: IBM Storage Ceph is vulnerable to Path Traversal in oath-toolkit (CVE-2024-47191)
Summary: oath-toolkit is used by IBM Storage Ceph for metrics and authentication. CVE-2024-47191. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. Vulnerability Details: CVEID: CVE-2024-47191 DESCRIPTION: pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 befo...
oath-toolkit: Local root exploit in a PAM module
A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...
TencentOS Server 4: oath-toolkit (TSSA-2024:0674)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0674 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Fedora: Security Advisory (FEDORA-2024-fd57a07560)
The remote host is missing an update for the...
K000151330: Oath Toolkit vulnerability CVE-2024-47191
Security Advisory Description: pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink. CVE-2024-47191. Impact: There is ...
Azure Linux 3.0 Security Update: oath-toolkit (CVE-2024-47191)
The version of oath-toolkit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47191 advisory. - pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because...
GLSA-202412-11 : OATH Toolkit: Privilege Escalation
The remote host is affected by the vulnerability described in GLSA-202412-11 OATH Toolkit: Privilege Escalation A vulnerability has been discovered in OATH Toolkit. Please review the CVE identifier referenced below for details. Tenable has extracted the preceding description block directly from t...
OATH Toolkit: Privilege Escalation
Background: OATH Toolkit provides components to build one-time password authentication systems. It contains shared C libraries, command line tools and a PAM module. Supported technologies include the event-based HOTP algorithm (RFC 4226), the time-based TOTP algorithm (RFC 6238), and Portable Symmetric...
Astra Linux - vulnerability in oath-toolkit
pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...
Fedora 41 : oath-toolkit (2024-fd57a07560)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-fd57a07560 advisory. This is new version fixing possible local privilege escalation. Tenable has extracted the preceding description block directly from the Fedora...
Mageia: Security Advisory (MGASA-2024-0335)
The remote host is missing an update for the...