Loading HuntDB...

Version 4.1.0-4.1.7

OTHER 10 CVEs

Known Vulnerabilities

CVE-2024-38496

The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.

UNKNOWN Published Jul 15, 2024

CVE-2024-38495

A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database.

UNKNOWN Published Jul 15, 2024

CVE-2024-38494

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.

UNKNOWN Published Jul 15, 2024

CVE-2024-38493

A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.

UNKNOWN Published Jul 15, 2024

CVE-2024-38492

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.

UNKNOWN Published Jul 15, 2024

CVE-2024-38491

The vulnerability allows an unauthenticated attacker to read arbitrary information from the database.

UNKNOWN Published Jul 15, 2024

CVE-2024-36458

The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions.

UNKNOWN Published Jul 15, 2024

CVE-2024-36457

The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint.

UNKNOWN Published Jul 15, 2024

CVE-2024-36456

This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.

UNKNOWN Published Jul 15, 2024

CVE-2024-36455

An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.

UNKNOWN Published Jul 15, 2024