Vulmon
pam vulnerabilities and exploits
NA
CVE-2024-25650
Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API...
2.1
CVSSv2
CVE-2010-4341
The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of service (infinite loop, crash, and login prevention) via a crafted packet.
Fedorahosted Sssd 1.4.0
Fedorahosted Sssd 1.4.1
Fedoraproject Sssd 1.3.0
Fedoraproject Sssd 1.5.0
7.8
CVSSv2
CVE-2006-6683
Pedro Lineu Orso chetcpasswd 2.4.1 and previous versions verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote malicious users to bypass intended restrictions implemented through PAM.
Pedro Lineu Orso Chetcpasswd
Pedro Lineu Orso Chetcpasswd 2.1
Pedro Lineu Orso Chetcpasswd 2.3.1
Pedro Lineu Orso Chetcpasswd 2.3.3
Pedro Lineu Orso Chetcpasswd 1.12
Pedro Lineu Orso Chetcpasswd 2.2.1
4.3
CVSSv2
CVE-2022-24756
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but before 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory....
Bareos Bareos
4.9
CVSSv2
CVE-2018-6558
The pam_fscrypt module in fscrypt prior to 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows malicious users to gain privileges via a successful login through certain applications that use Linux-PAM (aka pa...
Google Fscrypt
3.5
CVSSv2
CVE-2018-1419
IBM WebSphere MQ 8.0 and 9.0, when configured to use a PAM module for authentication, could allow a user to cause a deadlock in the IBM MQ PAM code which could result in a denial of service. IBM X-Force ID: 138949.
Ibm Websphere Mq 9.0.0.1
Ibm Websphere Mq 9.0.2
Ibm Websphere Mq 8.0.0.1
Ibm Websphere Mq 8.0.0.2
Ibm Websphere Mq 9.0
Ibm Websphere Mq 8.0.0.4
Ibm Websphere Mq 8.0.0.6
Ibm Websphere Mq 8.0.0.8
Ibm Websphere Mq 8.0.0.7
Ibm Websphere Mq 9.0.0.2
Ibm Websphere Mq 9.0.3
Ibm Websphere Mq 9.0.4
Ibm Websphere Mq 8.0
Ibm Websphere Mq 9.0.1
Ibm Websphere Mq 8.0.0.3
Ibm Websphere Mq 8.0.0.5
7.5
CVSSv2
CVE-2007-5360
Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote malicious users to execute arbitrary code via vectors related to PAM authentication, a dif...
Openpegasus Management Server
Vmware Esx 3.0.1
Vmware Esx 3.0.2
5
CVSSv2
CVE-2013-3271
EMC RSA Authentication Agent for PAM 7.0 prior to 7.0.2.1 enforces the maximum number of login attempts within the PAM-enabled application codebase, instead of within the Agent codebase, which makes it easier for remote malicious users to discover correct login credentials via a ...
Emc Rsa Authentication Agent 7.0.0
Emc Rsa Authentication Agent 7.0.1
Emc Rsa Authentication Agent 7.0.2
NA
CVE-2022-26563
An issue in Tildeslash Monit prior to 5.31.0 allows remote malicious users to gain escalated privileges due to improper PAM authorization.
Tildeslash Monit
NA
CVE-2023-40184
xrdp is an open source remote desktop protocol (RDP) server. In versions before 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may ...
Neutrinolabs Xrdp