
528 matches found

Veracode
added 2020/04/10 12:47 a.m., 29 views

Remote Code Execution (RCE)

Pluggable Authentication Modules (PAM) is vulnerable to remote code execution (RCE). It was discovered that the pam_xauth module did not verify the return values of the setuid and setgid system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and...

CVSS 3.3, AI score 4.2, EPSS 0.00366
Exploits 0, References 24, Affected Software 1
Veracode
added 2020/04/10 12:16 a.m., 28 views

Privilege Escalation

Pluggable Authentication Modules (PAM) is vulnerable to Privilege Escalation. A flaw was found in the way pam_console set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to another local...

CVSS 3.4, AI score 4.9, EPSS 0.00302
Exploits 0, References 20, Affected Software 1
BDU FSTEC
added 2020/04/06 12:0 a.m., 4 views

The vulnerability of the PAM module’s Python interpreter allows attackers to increase their privileges.

The vulnerability of the PAM module’s Python interpreter involves insecure management of privileges. Exploiting this vulnerability allows attackers to elevate their privileges using a specially created binary file with a setuid flag...

CVSS 7.8, AI score 7.2, EPSS 0.00356
Exploits 0, References 4, Affected Software 2
RedHat Linux
added 2020/03/31 7:37 p.m., 6 views

mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

CVSS 4.9, AI score 6.8, EPSS 0.03919
Exploits 0, References 5
OSV
added 2020/03/31 1:42 p.m., 4 views

USN-4314-1 libpam-krb5 vulnerability

Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code...

CVSS 9.8, AI score 7.5, EPSS 0.04784
Exploits 0, References 2
Tenable Nessus
added 2020/03/13 12:0 a.m., 34 views

Cisco FTD Software Pluggable Authentication Module DoS (cisco-sa-20191002-ftd-fpmc-dos)

According to its self-reported version, Cisco Firepower Threat Defense (FTD) Software is affected by a vulnerability in the configuration of the Pluggable Authentication Module (PAM) due to improper resource management in the context of user session management. An authenticated, remote attacker can...

CVSS 7.7, AI score 7, EPSS 0.01879
Exploits 0, References 4
RedhatCVE
added 2020/02/16 8:8 a.m., 28 views

CVE-2019-2737

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

CVSS 4.9, AI score 1.8, EPSS 0.03919
Exploits 0, References 4
Kitploit
added 2020/01/22 11:30 a.m., 83 views

AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model

AlertResponder is a serverless framework for automatic response to security alerts. Overview: AlertResponder receives an alert that is an event of interest from a security viewpoint and responds to the alert automatically. AlertResponder has 3 parts of automatic response. 1. Inspector investigates entiti...

AI score 7
Exploits 0, References 3
Tenable Nessus
added 2019/11/06 12:0 a.m., 42 views

RHEL 8 : mariadb:10.3 (RHSA-2019:3708)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3708 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded ...

CVSS 6.5, AI score 6.8, EPSS 0.04457
Exploits 0, References 33
RedHat Linux
added 2019/11/05 10:30 p.m., 4 views

mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Pluggable Auth). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...

CVSS 4.9, AI score 6.8, EPSS 0.03919
Exploits 0, References 5
BDU FSTEC
added 2019/10/24 12:0 a.m., 5 views

The vulnerability of the PAM module of Cisco Firepower Threat Defense’s microprogramming network interfaces, as well as the Cisco Firepower Management Center’s network management software and the Cisco FX-OS operating system, allows a perpetrator to trigger a service failure.

The vulnerability of the PAM module of Cisco Firepower Threat Defense’s microprogramming network interfaces, as well as the Cisco Firepower Management Center’s network management software and the Cisco FX-OS operating system, involves an uncontrolled consumption of resources. Exploiting this...

CVSS 7.7, AI score 5.5, EPSS 0.01879
Exploits 0, References 2, Affected Software 3
OSV
added 2019/10/02 7:15 p.m., 4 views

CVE-2019-12700

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...

CVSS 6.5, AI score 6.9, EPSS 0.01879
Exploits 0, References 1
NVD
added 2019/10/02 7:15 p.m., 33 views

CVE-2019-12700

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...

CVSS 7.7, AI score 6.5, EPSS 0.01879
Exploits 0, References 1
Cvelist
added 2019/10/02 7:6 p.m., 34 views

CVE-2019-12700 Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...

CVSS 7.7, AI score 6.4, EPSS 0.01879
Exploits 0, References 1
Cisco
added 2019/10/02 4:0 p.m., 169 views

Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability

A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. Th...

CVSS 7.7, AI score 6.7, EPSS 0.01879
Exploits 0, References 1
Tenable Nessus
added 2019/09/26 12:0 a.m., 95 views

MariaDB 10.3.0 < 10.3.17 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.3.17. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.3.17 advisory. - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.2...

CVSS 6.5, AI score 6.6, EPSS 0.03972
Exploits 0, References 8
OSV
added 2019/09/24 5:15 a.m., 1 views

DEBIAN-CVE-2019-16729

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

CVSS 7.8, AI score 7.3, EPSS 0.00356
Exploits 0, References 1
BDU FSTEC
added 2019/09/19 12:0 a.m., 3 views

Vulnerability of the sub-component “Pluggable Auth” of the MySQL Server component of the Oracle MySQL database management system: This feature allows attackers to cause a service failure.

Vulnerability of the Server sub-component: The Pluggable Auth component of the MySQL Server of the Oracle MySQL database management system is related to improper access control. Exploiting this vulnerability may allow a malicious actor to cause service interruptions remotely...

CVSS 4, AI score 6.6, EPSS 0.03919
Exploits 0, References 25, Affected Software 7
OSV
added 2019/09/11 2:15 p.m., 2 views

DEBIAN-CVE-2019-16220

In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash...

CVSS 6.1, AI score 6.9, EPSS 0.0255
Exploits 0, References 1
Positive Technologies
added 2019/09/11 12:0 a.m., 7 views

PT-2019-5210 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.3. Description: The issue is related to the validation and sanitization of a URL in the wp_validate_redirect function in wp-includes/pluggable.php. This could lead to an open redirect if a provided URL path does...

CVSS 9.8, AI score 6.8, EPSS 0.4375
Exploits 16, References 79