Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pam pam vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-27780
A flaw was found in Linux-Pam in versions before 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Linux-pam Linux-pam
10
CVSSv2
CVE-2019-5021
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of t...
Gliderlabs Docker-alpine
Opensuse Leap 15.0
Opensuse Leap 15.1
F5 Big-ip Controller 1.2.1
3 Github repositories
10
CVSSv2
CVE-2016-4422
The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent malicious users to bypass authentication or gain privileges via a system user account.
Libpam-sshauth Project Libpam-sshauth -
Debian Debian Linux 8.0
10
CVSSv2
CVE-2016-0693
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote malicious users to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module.
Oracle Solaris 11.3
Oracle Solaris 10
10
CVSSv2
CVE-2008-1668
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote malicious users to gain priv...
Hp Hp-ux 11.11
10
CVSSv2
CVE-2008-0003
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote malicious users to execute arbitrary code via unknow...
Openpegasus Management Server 2.6.1
10
CVSSv2
CVE-2006-3742
The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows malicious users to login without a password by attempting to log in multiple times.
Kde Kdebase 3.5.4 0.4.fc5
10
CVSSv2
CVE-2006-0736
Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote malicious users to execute arbitrary code via unspecified vectors.
Novell Open Enterprise Server 1
Novell Linux Desktop 9
10
CVSSv2
CVE-2005-0002
poppassd_pam 1.0 and previous versions, when changing a user password, does not verify that the user entered the old password correctly, which allows remote malicious users to change passwords for arbitrary users.
Gentoo Poppassd Pam
10
CVSSv2
CVE-2004-0083
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 up to and including 4.3.0 allows local users and remote malicious users to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
Xfree86 Project X11r6 4.3.0
Xfree86 Project X11r6 4.1.0
Xfree86 Project X11r6 4.1.11
Xfree86 Project X11r6 4.2.1
Xfree86 Project X11r6 4.1.12
Xfree86 Project X11r6 4.2.0
Openbsd Openbsd 3.3
Openbsd Openbsd 3.4
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »