9 matches found
mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successf...
Oracle MySQL Server PAM Auth Component Input Validation Error Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and an input validation error vulnerability exists in Oracle MySQL 8.0.28 and earlier versions, which originates in the PAM Auth component of MySQL...
SUSE SLES15 Security Update : salt (SUSE-SU-2022:2278-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2278-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allow...
SUSE SLES15 Security Update : salt (SUSE-SU-2022:2253-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2253-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allow...
Salt's PAM auth fails to reject locked accounts
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands when their account is locked. This affects both local shell accounts with an...
GHSA-FPXM-FPRW-6HXJ Salt's PAM auth fails to reject locked accounts
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands when their account is locked. This affects both local shell accounts with an...
SUSE SLED15 / SLES15 Security Update : salt (SUSE-SU-2022:2178-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2178-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked...
SUSE SLES15 Security Update : salt (SUSE-SU-2022:2159-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2159-1 advisory. - An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allow...
CVE-2022-22967
CVE-2022-22967 affects SaltStack Salt prior to 3002.9, 3003.5, and 3004.2. The issue is that PAM authentication fails to reject locked accounts, allowing a previously authorized user with an active or API session to run Salt commands even when the account is locked (including salt-api via PAM eau...