Lucene search
K

147 matches found

OSV
OSV
added 2024/10/23 2:15 p.m.5 views

AZL-51729 CVE-2024-10041 affecting package pam for versions less than 1.5.3-4

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

4.7CVSS7AI score0.00265EPSS
Exploits0References1
OSV
OSV
added 2024/10/23 2:15 p.m.1 views

DEBIAN-CVE-2024-10041

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input stdin. As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

4.7CVSS6.2AI score0.00265EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/08/06 4:49 a.m.5 views

SUSE CVE-1999-0342

Linux PAM modules allow local users to gain root access using temporary files...

6.2CVSS7AI score0.00329EPSS
Exploits0References2
AlmaLinux
AlmaLinux
added 2024/05/22 12:0 a.m.39 views

Moderate: pam security update

Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: pam: allowing unprivileged user to block another user namespace CVE-2024-22365 For more details about the security issues,...

5.5CVSS6.3AI score0.00459EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2024/04/30 10:24 a.m.33 views

Moderate: Red Hat Security Advisory: pam security update

An update for pam is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

5.5CVSS6.5AI score0.00459EPSS
Exploits1References8
AlmaLinux
AlmaLinux
added 2024/04/30 12:0 a.m.31 views

Moderate: pam security update

Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: pam: allowing unprivileged user to block another user namespace CVE-2024-22365 For more details about the security issues,...

5.5CVSS6.7AI score0.00459EPSS
Exploits1References4
Ubuntu
Ubuntu
added 2024/03/26 8:9 a.m.369 views

USN-6588-2: PAM vulnerability

USN-6588-1 fixed a vulnerability in PAM. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. Original advisory details: Matthias Gerstner discovered that the PAM pamnamespace module incorrectly handled special files when performing director...

5.5CVSS6.3AI score0.00459EPSS
Exploits1
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.7 views

Devolutions Server Security Vulnerability

Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server version 2023.3.14.0 and prior versions, which originates from PAM password rotation during the sign-in...

4.3CVSS6.7AI score0.00339EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2024/01/17 5:43 p.m.117 views

USN-6588-1: PAM vulnerability

Matthias Gerstner discovered that the PAM pamnamespace module incorrectly handled special files when performing directory checks. A local attacker could possibly use this issue to cause PAM to stop responding, resulting in a denial of service...

5.5CVSS6.3AI score0.00459EPSS
Exploits1
OSV
OSV
added 2023/08/30 6:15 p.m.2 views

UBUNTU-CVE-2023-40184

xrdp is an open source remote desktop protocol RDP server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The authstartsession function can return non-zero 1 value on, e.g., PAM error which may result in in session...

6.5CVSS5.8AI score0.00728EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.4 views

SUSE CVE-2003-0787

The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges...

7.5CVSS8.4AI score0.0166EPSS
Exploits0References3
OSV
OSV
added 2023/01/25 9:38 a.m.3 views

USN-5825-1 pam vulnerability

It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication...

9.8CVSS7.3AI score0.01218EPSS
Exploits0References2
OSV
OSV
added 2022/09/19 10:15 p.m.1 views

CVE-2022-28321

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pamaccess.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a...

9.8CVSS5.8AI score0.01218EPSS
Exploits0References3
NCSC
NCSC
added 2022/06/24 12:0 a.m.4 views

Malleability remedied in Salt

Salt Project has fixed a vulnerability in Salt. A malicious person who has a locked user account can still perform actions under privileges of this account. Systems are vulnerable only when PAM authentication is used. Salt Project has released updates to fix the vulnerability fix in Salt 3002.9,...

8.8CVSS7AI score0.01878EPSS
Exploits0
PyPA
PyPA
added 2022/06/23 5:15 p.m.14 views

PYSEC-2022-210

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an...

8.8CVSS6.9AI score0.01878EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.4 views

SaltStack Salt 安全漏洞

SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack. The tool provides configuration management, remote execution, and other features. A security vulnerability exists in SaltStack Salt versions prior to 3002.9, prior to 3003.5, and prior to 3004.2, which stems...

8.8CVSS8.3AI score0.01878EPSS
Exploits0References9
CNNVD
CNNVD
added 2022/03/25 12:0 a.m.3 views

Pacemaker 授权问题漏洞

Pacemaker is a scalable, high-availability cluster resource manager. An authorization issue vulnerability exists in pcs in the Pacemaker management tool that stems from the pcs daemon allowing accounts with expired accounts and passwords to log in when using PAM authentication...

8.8CVSS7.3AI score0.01825EPSS
Exploits1References12
Rockylinux
Rockylinux
added 2021/12/21 9:7 a.m.11 views

sssd bug fix and enhancement update

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The System Security Services Daemon SSSD service provides a set of daemons to...

0.5AI score
Exploits0
OSV
OSV
added 2021/11/09 7:27 p.m.10 views

ALBA-2021:4541 sssd bug fix and enhancement update

The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch NSS and the Pluggable Authentication Modules PAM interfaces toward the system, and a pluggable back-end system ...

7.1AI score
Exploits0
AlmaLinux
AlmaLinux
added 2021/06/29 1:42 p.m.20 views

sssd bug fix and enhancement update

The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch NSS and the Pluggable Authentication Modules PAM interfaces toward the system, and a pluggable back-end system ...

7.1AI score
Exploits0
Rows per page
Query Builder