| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-0934 | | High | 0.49 | 7.5 | 0.01 | | Aug 29, 2022 | A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. |
| CVE-2022-0850 | | High | 0.00 | 7.1 | 0.00 | | Aug 29, 2022 | A vulnerability was found in Linux kernel, where an information leak occurs via ext4_extent_header to userspace. |
| CVE-2022-0497 | | High | 0.00 | 7.1 | 0.00 | | Aug 29, 2022 | A vulnerability was found in OpenSCAD, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations. |
| CVE-2022-0400 | | High | 0.49 | 7.5 | 0.01 | | Aug 29, 2022 | An out-of-bounds read vulnerability was discovered in Linux kernel in the smc protocol stack, causing remote DoS. |
| CVE-2022-0367 | | High | 0.00 | 7.8 | 0.00 | | Aug 29, 2022 | A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. |
| CVE-2022-0358 | | High | 0.00 | 7.8 | 0.00 | | Aug 29, 2022 | A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a… |
| CVE-2022-0336 | | High | 0.00 | 8.8 | 0.01 | | Aug 29, 2022 | The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on… |
| CVE-2022-0284 | | High | 0.00 | 7.1 | 0.01 | | Aug 29, 2022 | A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can… |
| CVE-2022-36690 | | High | 0.57 | 8.8 | 0.01 | | Aug 29, 2022 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=. |
| CVE-2022-36689 | | High | 0.57 | 8.8 | 0.01 | | Aug 29, 2022 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. |
| CVE-2022-36688 | | High | 0.57 | 8.8 | 0.01 | | Aug 29, 2022 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=. |
| CVE-2022-36686 | | High | 0.57 | 8.8 | 0.01 | | Aug 29, 2022 | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=. |
| CVE-2022-3019 | | High | 0.00 | 8.8 | 0.01 | | Aug 29, 2022 | The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). |
| CVE-2022-25921 | — | High | 0.53 | 8.1 | 0.01 | | Aug 29, 2022 | All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. |
| CVE-2021-41785 | | High | 0.51 | 7.8 | 0.01 | | Aug 29, 2022 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
| CVE-2021-41784 | | High | 0.51 | 7.8 | 0.01 | | Aug 29, 2022 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
| CVE-2021-41783 | | High | 0.51 | 7.8 | 0.01 | | Aug 29, 2022 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
| CVE-2021-41782 | | High | 0.51 | 7.8 | 0.01 | | Aug 29, 2022 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
| CVE-2021-41781 | | High | 0.51 | 7.8 | 0.01 | | Aug 29, 2022 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
| CVE-2021-41780 | | High | 0.51 | 7.8 | 0.01 | | Aug 29, 2022 | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. |
| CVE-2022-38511 | | High | 0.51 | 7.8 | 0.01 | | Aug 29, 2022 | TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. |
| CVE-2022-38510 | | High | 0.51 | 7.8 | 0.00 | | Aug 29, 2022 | Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. |
| CVE-2022-36616 | | High | 0.51 | 7.8 | 0.00 | | Aug 29, 2022 | TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36615 | | High | 0.51 | 7.8 | 0.00 | | Aug 29, 2022 | TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36614 | | High | 0.51 | 7.8 | 0.00 | | Aug 29, 2022 | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36613 | | High | 0.51 | 7.8 | 0.00 | | Aug 29, 2022 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36612 | | High | 0.51 | 7.8 | 0.00 | | Aug 29, 2022 | TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36611 | | High | 0.51 | 7.8 | 0.00 | | Aug 29, 2022 | TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36610 | | High | 0.51 | 7.8 | 0.00 | | Aug 29, 2022 | TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. |
| CVE-2022-36704 | | High | 0.57 | 8.8 | 0.01 | | Aug 28, 2022 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php. |
| CVE-2022-38571 | | High | 0.49 | 7.5 | 0.01 | | Aug 28, 2022 | Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem. |
| CVE-2022-38570 | | High | 0.49 | 7.5 | 0.01 | | Aug 28, 2022 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter. |
| CVE-2022-38569 | | High | 0.49 | 7.5 | 0.01 | | Aug 28, 2022 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd. |
| CVE-2022-38568 | | High | 0.49 | 7.5 | 0.01 | | Aug 28, 2022 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter. |
| CVE-2022-38567 | | High | 0.49 | 7.5 | 0.01 | | Aug 28, 2022 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter. |
| CVE-2022-38566 | | High | 0.49 | 7.5 | 0.01 | | Aug 28, 2022 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter. |
| CVE-2022-38565 | | High | 0.49 | 7.5 | 0.01 | | Aug 28, 2022 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter. |
| CVE-2022-38564 | | High | 0.49 | 7.5 | 0.01 | | Aug 28, 2022 | Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter. |
| CVE-2022-38563 | | High | 0.49 | 7.5 | 0.01 | | Aug 28, 2022 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter. |
| CVE-2022-38562 | | High | 0.49 | 7.5 | 0.01 | | Aug 28, 2022 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter. |
| CVE-2022-3016 | | High | 0.00 | 7.8 | 0.01 | | Aug 28, 2022 | Use After Free in GitHub repository vim/vim prior to 9.0.0286. |
| CVE-2022-38794 | | High | 0.49 | 7.5 | 0.04 | | Aug 27, 2022 | Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. |
| CVE-2022-36546 | | High | 0.57 | 8.8 | 0.00 | | Aug 26, 2022 | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. |
| CVE-2022-2915 | | High | 0.57 | 8.8 | 0.01 | | Aug 26, 2022 | A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. |
| CVE-2022-36537 | — | High | 0.19 | 7.5 | 0.95 | KEV | Aug 26, 2022 | ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. |
| CVE-2022-36529 | | High | 0.57 | 8.8 | 0.01 | | Aug 26, 2022 | Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. |
| CVE-2022-31773 | | High | 0.57 | 8.8 | 0.00 | | Aug 26, 2022 | IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357. |
| CVE-2022-0217 | | High | 0.49 | 7.5 | 0.05 | | Aug 26, 2022 | It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition,… |
| CVE-2022-0084 | | High | 0.42 | 7.5 | 0.01 | | Aug 26, 2022 | A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or… |
| CVE-2022-25625 | | High | 0.57 | 8.8 | 0.01 | | Aug 26, 2022 | A malicious unauthorized PAM user can access the administration configuration data and change the values. |