528 matches found
Remote Code Execution (RCE)
Pluggable Authentication Modules PAM is vulnerable to remote code execution RCE. It was discovered that the pamxauth module did not verify the return values of the setuid and setgid system calls. A local, unprivileged user could use this flaw to execute the xauth command with root privileges and...
Privilege Escalation
Pluggable Authentication Modules PAM is vulnerable to Privilege Escalation. A flaw was found in the way pamconsole set console device permissions. It was possible for various console devices to retain ownership of the console user after logging out, possibly leaking information to another local...
The vulnerability of the PAM module’s Python interpreter allows attackers to increase their privileges.
The vulnerability of the PAM module’s Python interpreter involves insecure management of privileges. Exploiting this vulnerability allows attackers to elevate their privileges using a specially created binary file with a setuid flag...
mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Pluggable Auth. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
USN-4314-1 libpam-krb5 vulnerability
Russ Allbery discovered that pam-krb5 incorrectly handled some responses. An attacker could possibly use this issue to execute arbitrary code...
Cisco FTD Software Pluggable Authentication Module DoS (cisco-sa-20191002-ftd-fpmc-dos)
According to its self-reported version, Cisco Firepower Threat Defense FTD Software is affected by a vulnerability in the configuration of the Pluggable Authentication Module PAM due to improper resource management in the context of user session management. An authenticated, remote attacker can...
CVE-2019-2737
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Pluggable Auth. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
AlertResponder - Automatic Security Alert Response Framework By AWS Serverless Application Model
AlertResponder is a serverless framework for automatic response of security alert. Overview AlertResponder receives an alert that is event of interest from security view point and responses the alert automatically. AlertResponder has 3 parts of automatic response. 1. Inspector investigates entiti...
RHEL 8 : mariadb:10.3 (RHSA-2019:3708)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3708 advisory. MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. The following packages have been upgraded ...
mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2019)
Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server : Pluggable Auth. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple...
The vulnerability of the PAM module of Cisco Firepower Threat Defense’s microprogramming network interfaces, as well as the Cisco Firepower Management Center’s network management software and the Cisco FX-OS operating system, allows a perpetrator to trigger a service failure.
The vulnerability of the PAM module of Cisco Firepower Threat Defense’s microprogramming network interfaces, as well as the Cisco Firepower Management Center’s network management software and the Cisco FX-OS operating system, involves an uncontrolled consumption of resources. Exploiting this...
CVE-2019-12700
A vulnerability in the configuration of the Pluggable Authentication Module PAM used in Cisco Firepower Threat Defense FTD Software, Cisco Firepower Management Center FMC Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. Th...
CVE-2019-12700
A vulnerability in the configuration of the Pluggable Authentication Module PAM used in Cisco Firepower Threat Defense FTD Software, Cisco Firepower Management Center FMC Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. Th...
CVE-2019-12700 Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability
A vulnerability in the configuration of the Pluggable Authentication Module PAM used in Cisco Firepower Threat Defense FTD Software, Cisco Firepower Management Center FMC Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. Th...
Cisco FTD, FMC, and FXOS Software Pluggable Authentication Module Denial of Service Vulnerability
A vulnerability in the configuration of the Pluggable Authentication Module PAM used in Cisco Firepower Threat Defense FTD Software, Cisco Firepower Management Center FMC Software, and Cisco FXOS Software could allow an authenticated, remote attacker to cause a denial of service DoS condition. Th...
MariaDB 10.3.0 < 10.3.17 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.3.17. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.3.17 advisory. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.2...
DEBIAN-CVE-2019-16729
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...
Vulnerability of the sub-component “Pluggable Auth” of the MySQL Server component of the Oracle MySQL database management system: This feature allows attackers to cause a service failure.
Vulnerability of the Server sub-component: The Pluggable Auth component of the MySQL Server of the Oracle MySQL database management system is related to improper access control. Exploiting this vulnerability may allow a malicious actor to cause service interruptions remotely...
DEBIAN-CVE-2019-16220
In WordPress before 5.2.3, validation and sanitization of a URL in wpvalidateredirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash...
PT-2019-5210 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.3 Description: The issue is related to the validation and sanitization of a URL in the wp validate redirect function in wp-includes/pluggable.php. This could lead to an open redirect if a provided URL path does...