528 matches found

OSV
added 2025/06/06 2:4 p.m. · 3 views

OESA-2025-1599 pam security update

PAM (Pluggable Authentication Modules) is a system of libraries that handle the authentication tasks of applications (services) on the system. Security Fixes: A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by...

4.7 CVSS · 6.8 AI score · 0.00265 EPSS
Exploits 0 · References 2

Packet Storm News
added 2025/05/24 12:0 a.m. · 4 views

$PD^3F$: a Pluggable and Dynamic DoS-Defense Framework against Resource Consumption Attacks Targeting Large Language Models

Large Language Models (LLMs), due to substantial computational requirements, are vulnerable to resource consumption attacks, which can severely degrade server performance or even cause crashes, as demonstrated by denial-of-service (DoS) attacks designed for LLMs. However, existing works lack mitigati...

6.9 AI score
Exploits 0

SUSE Linux
added 2025/05/14 9:6 a.m. · 1 views

Security update for apparmor

This update for apparmor fixes the following issues: Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) Patch Instructions: To install this SUSE update use the SUSE...

5.7 CVSS · 6.5 AI score · 0.00265 EPSS
Exploits 0 · References 4

SUSE Linux
added 2025/05/07 7:36 p.m. · 1 views

Security update for apparmor

This update for apparmor fixes the following issues: Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678) Patch Instructions: To install this SUSE update use the SUSE...

5.7 CVSS · 6.5 AI score · 0.00265 EPSS
Exploits 0 · References 4

RedHat Linux
added 2025/05/07 12:48 p.m. · 7 views

oath-toolkit: Local root exploit in a PAM module

A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...

7.1 CVSS · 5.7 AI score · 0.00341 EPSS
Exploits 0 · References 4

BDU FSTEC
added 2025/04/30 12:0 a.m. · 6 views

The vulnerability of the Linux-PAM authentication module, related to the insecure storage of confidential information, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Linux-PAM authentication module is related to the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

4.7 CVSS · 6.5 AI score · 0.00265 EPSS
Exploits 0 · References 9 · Affected Software 7

CNNVD
added 2025/04/21 12:0 a.m. · 3 views

Soffid Console security vulnerability

Soffid Console is a console management software from the Spanish company Soffid. A security vulnerability exists in Soffid Console versions prior to 3.6.32, which stems from improper handling of pam service authorization...

2.5 CVSS · 6.6 AI score · 0.00103 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/04/18 12:1 a.m. · 26 views

CVE-2025-30700

Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks...

3.5 CVSS · 5.3 AI score · 0.00404 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/04/17 12:0 a.m. · 12 views

Oracle Solaris Critical Patch Update : apr2025_SRU11_4_78_189_2

The version of Solaris installed on the remote host is prior to 11.4.78.189.2. It is, therefore, affected by multiple vulnerabilities as referenced in the solaris11apr2025SRU114781892 advisory. - Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported...

7.2 CVSS · 7.3 AI score · 0.00404 EPSS
Exploits 0 · References 4

NVD
added 2025/04/15 9:15 p.m. · 20 views

CVE-2025-30700

Vulnerability in the Oracle Solaris product of Oracle Systems component: Pluggable authentication module. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks...

3.5 CVSS · 0.00404 EPSS
Exploits 0 · References 1

CNNVD
added 2025/04/15 12:0 a.m. · 3 views

Oracle Solaris security vulnerability

Oracle Solaris is a UNIX operating system from Oracle Corporation USA. A security vulnerability exists in Oracle Solaris version 11, which stems from a flaw in the Pluggable Authentication Module that could lead to data disclosure...

3.5 CVSS · 7.2 AI score · 0.00404 EPSS
Exploits 0 · References 3

RedHat Linux
added 2025/04/07 3:27 p.m. · 3 views

oath-toolkit: Local root exploit in a PAM module

A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...

7.1 CVSS · 5.7 AI score · 0.00341 EPSS
Exploits 0 · References 4

OSV
added 2025/03/20 6:43 p.m. · 3 views

USN-7363-1 pam-pkcs11 vulnerabilities

Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS11 did not properly handle certain return codes when authentication was not possible. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. CVE-2025-24531 It was...

9.2 CVSS · 5.8 AI score · 0.00677 EPSS
Exploits 0 · References 3

OSV
added 2025/03/05 2:56 p.m. · 3 views

SUSE-SU-2025:20231-1 Security update for pam_u2f

This update for pam_u2f fixes the following issues: - CVE-2025-23013: Fixed problematic PAM_IGNORE return values in pam_sm_authenticate() (bsc#1233517)...

7.3 CVSS · 5.5 AI score · 0.00397 EPSS
Exploits 0 · References 3

OSV
added 2025/02/18 3:15 a.m. · 5 views

AZL-57034 CVE-2025-1390 affecting package libcap for versions less than 2.69-2

The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to...

6.1 CVSS · 6.7 AI score · 0.00149 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2025/02/17 12:0 a.m. · 8 views

The vulnerability of the pam_sm_authenticate() function in the PAM-PKCS#11 authentication module of Linux operating systems allows a hacker to bypass the authentication process and gain unauthorized access to protected information.

The vulnerability of the pam_sm_authenticate() function in the PAM-PKCS#11 authentication module of Linux operating systems is related to authentication errors. Exploiting this vulnerability could allow a malicious actor to bypass the authentication process and gain unauthorized access to protected...

9.7 CVSS · 6.9 AI score · 0.00235 EPSS
Exploits 0 · References 9 · Affected Software 4

Positive Technologies
added 2025/02/11 12:0 a.m. · 6 views

PT-2025-6217 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2024.3.10.0 and earlier Description: The issue is related to improper password reset in the PAM Module, allowing an authenticated user to reuse the oracle user password after check-in due to a crash in the password...

5.4 CVSS · 7 AI score · 0.00323 EPSS
Exploits 0 · References 5

CNNVD
added 2025/02/10 12:0 a.m. · 4 views

PAM-PKCS#11 authorization issue vulnerability

PAM-PKCS#11 is an OpenSC open source login module. An authorization issue vulnerability exists in PAM-PKCS#11 versions prior to 0.6.13, which stems from not checking private key signatures in the default configuration, allowing an attacker to create a new token and log in with the user's public dat...

9.2 CVSS · 7.6 AI score · 0.00677 EPSS
Exploits 0 · References 8

CNNVD
added 2025/02/10 12:0 a.m. · 4 views

PAM-PKCS#11 code issue vulnerability

PAM-PKCS#11 is an OpenSC open source login module. A code issue vulnerability exists in PAM-PKCS#11 0.6.12 and earlier versions, which stems from an incorrect handling of a user's canceled PIN entry operation, resulting in a segmentation error that could cause a daemon using PAM to crash...

5.1 CVSS · 4.5 AI score · 0.00139 EPSS
Exploits 0 · References 6

Positive Technologies
added 2025/01/30 12:0 a.m. · 5 views

PT-2025-5378 · Pam · Pam

Name of the Vulnerable Software and Affected Versions: PAM affected versions not specified Description: A specific authentication strategy allows learning the ids of PAM users associated with certain authentication types. Recommendations: At the moment, there is no information about a newer versi...

5.3 CVSS · 7.2 AI score · 0.0024 EPSS
Exploits 0 · References 8