K51758043: MySQL vulnerability CVE-2016-0639

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. CVE-2016-0639 Impact There is no impact; F5 products ar...

SUSE CVE-2003-0787

The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges...

SUSE CVE-2004-1001

Unknown vulnerability in the passwdcheck function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pamchauthtok function call is not properly handled...

SUSE CVE-2010-3435

The 1 pamenv and 2 pammail modules in Linux-PAM aka pam before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a...

SUSE CVE-2015-0385

Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth...

SUSE CVE-2015-4737

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth...

SUSE CVE-2016-0639

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication...

SUSE CVE-2017-10155

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Pluggable Auth. Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

SUSE CVE-2018-2769

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Pluggable Auth. Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

SUSE CVE-2019-2632

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Pluggable Auth. Supported versions that are affected are 5.7.25 and prior and 8.0.15 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...

SUSE CVE-2019-2737

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Pluggable Auth. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

USN-5825-1 pam vulnerability

It was discovered that PAM did not correctly restrict login from an IP address that is not resolvable via DNS. An attacker could possibly use this issue to bypass authentication...

RHEL 6 / 7 : rh-mariadb102-mariadb and rh-mariadb102-galera (RHSA-2020:4174)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4174 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. The...

sssd bug fix and enhancement update

An update is available for sssd. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The System Security Services Daemon SSSD service provides a set of daemons to...

dovecot: Privilege escalation when similar master and non-master passdbs are used

A vulnerability was found in the Dovecot IMAP Server. When two passdb configuration entries exist in the Dovecot configuration, which have the same driver and args settings, the incorrect usernamefilter and mechanism settings can be applied to passdb definitions. These incorrect settings can lead...

PT-2022-28248 · Go · Github.Com/Mohammed90/Caddy-Ssh

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned, however, the issue is related to PAM Pluggable Authentication Modules and its implementation in a certain project, implying that the affected software is a PAM-based authentication system, but the...

CVE-2022-28321

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pamaccess.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a...

CVE-2022-25625

A malicious unauthorized PAM user can access the administration configuration data and change the values...

CVE-2022-25625

A malicious unauthorized PAM user can access the administration configuration data and change the values...

PT-2022-23764 · Grommunio · Gromox

Name of the Vulnerable Software and Affected Versions: Grommunio Gromox versions 0.5 through 1.x before 1.28 Description: The issue is related to weak permissions on the configuration file in the PAM module, allowing a local unprivileged user in the gromox group to execute arbitrary code upon...