
26 matches found

Tenable Nessus
added 2025/11/20 12:00 a.m., 1 view

TencentOS Server 4: pam (TSSA-2024:1020)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1020 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 7.4, AI score 7.1, EPSS 0.00567
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-9694

Malware in sbrugna...

CVSS 9.3, AI score 7.8, EPSS 0.00434
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-33602

Malicious code in bioql PyPI...

CVSS 7.4, AI score 7.4, EPSS 0.00567
Exploits: 0, References: 8
Tenable Nessus
added 2025/09/23 12:00 a.m., 1 view

Ubuntu 24.04 LTS / 25.04 : PAM vulnerability (USN-7761-1)

The remote Ubuntu 24.04 LTS / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7761-1 advisory. It was discovered that the PAM pam_access module incorrectly parsed certain rules as hostnames. An attacker could possibly use this issue to spoof hostname...

CVSS 7.4, AI score 7.3, EPSS 0.00567
Exploits: 0, References: 2
OSV
added 2025/09/22 2:06 p.m., 0 views

USN-7761-1 pam vulnerability

It was discovered that the PAM pam_access module incorrectly parsed certain rules as hostnames. An attacker could possibly use this issue to spoof hostnames and bypass access restrictions...

CVSS 7.4, AI score 6.9, EPSS 0.00567
Exploits: 0, References: 2
OpenVAS
added 2025/03/17 12:00 a.m., 13 views

Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-1228)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.4, AI score 7.6, EPSS 0.00567
Exploits: 0, References: 2
F5 Networks
added 2025/02/18 5:28 p.m., 6 views

K000149845: pam_access vulnerability CVE-2024-10963

Security Advisory Description: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for...

CVSS 7.4, AI score 7, EPSS 0.00567
Exploits: 0
OpenVAS
added 2025/02/10 12:00 a.m., 8 views

Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-1178)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.4, AI score 6.1, EPSS 0.00567
Exploits: 0, References: 2
Tenable Nessus
added 2024/12/02 12:00 a.m., 18 views

Oracle Linux 8 : pam (ELSA-2024-10379)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-10379 advisory. - pam_access: rework resolving of tokens as hostname. Resolves: CVE-2024-10963 and RHEL-66242 - pam_unix: always run the helper to obtain shadow passwor...

CVSS 7.4, AI score 6.8, EPSS 0.00567
Exploits: 0, References: 3
Oracle Linux
added 2024/11/25 12:00 a.m., 278 views

pam:1.5.1 security update

1.5.1-22.0.1 - pam_access: clean up the remote host matching code Orabug: 36771903 - pam_limits: fix use after free in pam_sm_open_session Orabug: 36406534 1.5.1-22 - pam_access: rework resolving of tokens as hostname. Resolves: CVE-2024-10963 and RHEL-66245 1.5.1-21 - pam_unix: always run the helper to...

CVSS 7.4, AI score 7.8, EPSS 0.00567
Exploits: 0
OSV
added 2024/11/07 4:15 p.m., 11 views

CVE-2024-10963

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...

CVSS 7.4, AI score 7.2, EPSS 0.00567
Exploits: 0, References: 8
NVD
added 2024/11/07 4:15 p.m., 23 views

CVE-2024-10963

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...

CVSS 7.4, EPSS 0.00567
Exploits: 0, References: 10
OSV
added 2024/11/07 4:15 p.m., 0 views

UBUNTU-CVE-2024-10963

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...

CVSS 7.4, AI score 6.8, EPSS 0.00567
Exploits: 0, References: 4
Cvelist
added 2024/11/07 4:02 p.m., 45 views

CVE-2024-10963 Pam: improper hostname interpretation in pam_access leads to access control bypass

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...

CVSS 7.4, EPSS 0.00567
Exploits: 0, References: 10
Debian CVE
added 2024/11/07 4:02 p.m., 20 views

CVE-2024-10963

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...

CVSS 7.4, AI score 6.7, EPSS 0.00567
Exploits: 0
CVE
added 2024/11/07 4:02 p.m., 211 views

CVE-2024-10963

CVE-2024-10963 is a pam_access vulnerability where certain rules in its configuration file are mistakenly treated as hostnames, enabling an attacker to impersonate a trusted hostname and gain unauthorized access. Documented impact is access control bypass on systems relying on pam_access rules. T...

CVSS 7.4, AI score 7.2, EPSS 0.00567
Exploits: 0, References: 10
RedhatCVE
added 2024/11/07 8:00 a.m., 23 views

CVE-2024-10963

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this...

CVSS 7.4, AI score 6.3, EPSS 0.00567
Exploits: 0, References: 3
OSV
added 2022/09/19 10:15 p.m., 0 views

UBUNTU-CVE-2022-28321

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a...

CVSS 9.8, AI score 7.3, EPSS 0.00291
Exploits: 0, References: 7
CNNVD
added 2022/09/19 12:00 a.m., 1 view

openSUSE Tumbleweed authorization issue vulnerability

openSUSE Tumbleweed is an open source system from the openSUSE project. A security vulnerability exists in openSUSE Tumbleweed versions prior to 1.5.2-6.1, which stems from the pam_access.so module not properly restricting logins if a user attempts to connect from an IP address that is not...

CVSS 9.8, AI score 8.2, EPSS 0.00291
Exploits: 0, References: 5
Prion
added 2018/11/27 1:29 p.m., 6 views

Open redirect

An incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open)...

CVSS 9.3, AI score 7.8, EPSS 0.00434
Exploits: 0, References: 1, Affected Software: 1