For providers

The vulnerability allows an unauthenticated attacker to access information in PAM database.

An improper input validation allows an unauthenticated attacker to alter PAM logs by sending a specially crafted HTTP request.

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address.

A malicious actor can fix the session of a PAM user by tricking the user to click on a specially crafted link to the PAM server.

An improper input validation the CSRF filter results in unsanitized user input written to the application logs.

This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.

A specific authentication strategy allows to learn ids of PAM users associated with certain authentication types.

This vulnerability allows appliance compromise at boot time.

A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking...

Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.