Lucene search
K

354 matches found

Cvelist
Cvelist
added 2026/04/03 6:43 p.m.19 views

CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

3.7CVSS0.00436EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/03/23 4:48 p.m.7 views

Security update for util-linux

This update for util-linux fixes the following issues: CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for "login -h" bsc1258859. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.3CVSS5.8AI score0.00436EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.6 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.15 contained a security vulnerability caused by improper execution of...

9.8CVSS5.9AI score0.00447EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/11 12:51 a.m.151 views

Exploit for Incorrect Authorization in Suse Pam-Config

No d...

7.8CVSS5.4AI score0.00957EPSS
Exploits19
OSV
OSV
added 2026/01/30 4:35 p.m.9 views

CLEANSTART-2026-AX77726 vulnerability was found in PAM

Multiple security vulnerabilities affect the gitlab-shell-fips package. A vulnerability was found in PAM. See references for individual vulnerability details...

9.8CVSS8.5AI score0.00265EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: pam (CVE-2024-10963)

The version of pam installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10963 advisory. - A flaw was found in pamaccess, where certain rules in its configuration file are mistakenly treated as hostname...

7.4CVSS8.1AI score0.00798EPSS
Exploits0References2
EUVD
EUVD
added 2026/01/21 12:31 a.m.8 views

EUVD-2026-3547

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

2.7CVSS4.8AI score0.00305EPSS
Exploits0References2
NVD
NVD
added 2026/01/20 10:15 p.m.7 views

CVE-2026-21965

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

2.7CVSS0.00305EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/01/20 10:15 p.m.7 views

CVE-2026-21965

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

2.7CVSS7AI score0.00305EPSS
Exploits0References2
OSV
OSV
added 2026/01/20 10:15 p.m.8 views

UBUNTU-CVE-2026-21965

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

2.7CVSS5.8AI score0.00305EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/01/20 9:56 p.m.5 views

CVE-2026-21965

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

2.7CVSS6.5AI score0.00305EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/01/20 9:56 p.m.4 views

CVE-2026-21965

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 9.0.0-9.5.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

2.7CVSS6.5AI score0.00305EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.5 views

PT-2026-3712

Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 9.0.0 through 9.5.0 Description An issue exists in the MySQL Server product of Oracle MySQL, specifically within the Server: Pluggable Auth component. This allows a high-privileged attacker with network access, through...

4CVSS7.1AI score0.00305EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : pam-1.1.1-13.AXS4 (AXSA:2013-122:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-122:01 advisory. PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to...

4.6CVSS7AI score0.00696EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

MiracleLinux 4 : pam-1.1.1-20.AXS4.1 (AXSA:2015-439:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2015-439:01 advisory. PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile...

6.5CVSS6.1AI score0.02705EPSS
Exploits1References2
Rockylinux
Rockylinux
added 2026/01/14 9:14 a.m.8 views

pam security update

An update is available for pam. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Pluggable Authentication Modules PAM provide a system to set up authentication...

7.8CVSS6.8AI score0.0039EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.4 views

MiracleLinux 3 : pam-0.99.6.2-6.2.0.1.AXS3 (AXSA:2010-484:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-484:02 advisory. PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to...

6.9CVSS5.5AI score0.00416EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 7 : pam-1.1.8-23.0.1.0.1.el7.AXS7 (AXSA:2025-10203:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10203:02 advisory. CVE-2024-10041: fix possibility of leakage of secret information stored in memory CVE-2024-22365: fix potential DoS via mkfifo because the openat...

5.5CVSS6.5AI score0.00459EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.2 views

EulerOS 2.0 SP9 : pam (EulerOS-SA-2026-1010)

According to the versions of the pam package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A Local Privilege Escalation LPE vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules PAM. This flaw allows a...

7.8CVSS8.1AI score0.00957EPSS
Exploits13References2
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-23621

Name of the Vulnerable Software and Affected Versions util-linux affected versions not specified Description An access control bypass exists due to improper hostname canonicalization. This issue affects the 'login -h' command and can lead to incorrect access control. The fix ensures correct acces...

5.3CVSS5.8AI score0.00436EPSS
Exploits0References60
Rows per page
Query Builder