Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linux-pam linux-pam vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2014-2583
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) P...
Linux-pam Linux-pam 1.1.8
4.9
CVSSv2
CVE-2018-6558
The pam_fscrypt module in fscrypt prior to 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows malicious users to gain privileges via a successful login through certain applications that use Linux-PAM (aka pa...
Google Fscrypt
4.9
CVSSv2
CVE-2010-4706
The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and previous versions does not properly handle a failure to determine a certain target uid, which might allow local users to delete unintended files by executing a program that r...
Linux-pam Linux-pam 0.99.1.0
Linux-pam Linux-pam 0.99.2.0
Linux-pam Linux-pam 0.99.2.1
Linux-pam Linux-pam 0.99.3.0
Linux-pam Linux-pam 0.99.4.0
Linux-pam Linux-pam 0.99.5.0
Linux-pam Linux-pam 0.99.6.0
Linux-pam Linux-pam 0.99.6.1
Linux-pam Linux-pam 0.99.6.2
Linux-pam Linux-pam 0.99.6.3
Linux-pam Linux-pam 0.99.7.0
Linux-pam Linux-pam 0.99.7.1
Linux-pam Linux-pam 0.99.8.0
Linux-pam Linux-pam 0.99.8.1
Linux-pam Linux-pam 0.99.9.0
Linux-pam Linux-pam 0.99.10.0
Linux-pam Linux-pam 1.0.0
Linux-pam Linux-pam 1.0.1
Linux-pam Linux-pam 1.0.2
Linux-pam Linux-pam 1.0.3
Linux-pam Linux-pam 1.0.4
Linux-pam Linux-pam 1.1.0
4.9
CVSSv2
CVE-2010-4707
The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and previous versions does not verify that a certain ACL file is a regular file, which might allow local users to cause a denial of service (resource consumption) via a special file.
Linux-pam Linux-pam 0.99.1.0
Linux-pam Linux-pam 0.99.2.0
Linux-pam Linux-pam 0.99.2.1
Linux-pam Linux-pam 0.99.3.0
Linux-pam Linux-pam 0.99.4.0
Linux-pam Linux-pam 0.99.5.0
Linux-pam Linux-pam 0.99.6.0
Linux-pam Linux-pam 0.99.6.1
Linux-pam Linux-pam 0.99.6.2
Linux-pam Linux-pam 0.99.6.3
Linux-pam Linux-pam 0.99.7.0
Linux-pam Linux-pam 0.99.7.1
Linux-pam Linux-pam 0.99.8.0
Linux-pam Linux-pam 0.99.8.1
Linux-pam Linux-pam 0.99.9.0
Linux-pam Linux-pam 0.99.10.0
Linux-pam Linux-pam 1.0.0
Linux-pam Linux-pam 1.0.1
Linux-pam Linux-pam 1.0.2
Linux-pam Linux-pam 1.0.3
Linux-pam Linux-pam 1.0.4
Linux-pam Linux-pam 1.1.0
4.7
CVSSv2
CVE-2010-3430
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissio...
Linux-pam Linux-pam 1.1.2
4.7
CVSSv2
CVE-2010-3435
The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) prior to 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activ...
Linux-pam Linux-pam 0.99.1.0
Linux-pam Linux-pam 0.99.2.0
Linux-pam Linux-pam 0.99.2.1
Linux-pam Linux-pam 0.99.3.0
Linux-pam Linux-pam 0.99.4.0
Linux-pam Linux-pam 0.99.5.0
Linux-pam Linux-pam 0.99.6.0
Linux-pam Linux-pam 0.99.6.1
Linux-pam Linux-pam 0.99.6.2
Linux-pam Linux-pam 0.99.6.3
Linux-pam Linux-pam 0.99.7.0
Linux-pam Linux-pam 0.99.7.1
Linux-pam Linux-pam 0.99.8.0
Linux-pam Linux-pam 0.99.8.1
Linux-pam Linux-pam 0.99.9.0
Linux-pam Linux-pam 0.99.10.0
Linux-pam Linux-pam 1.0.0
Linux-pam Linux-pam 1.0.1
Linux-pam Linux-pam 1.0.2
Linux-pam Linux-pam 1.0.3
Linux-pam Linux-pam 1.0.4
Linux-pam Linux-pam 1.1.0
4.6
CVSSv2
CVE-2011-3148
Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) prior to 1.1.5 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long string of white spaces at the beginning of the ~/.p...
Linux-pam Linux-pam 0.99.1.0
Linux-pam Linux-pam 0.99.2.0
Linux-pam Linux-pam 0.99.2.1
Linux-pam Linux-pam 0.99.3.0
Linux-pam Linux-pam 0.99.4.0
Linux-pam Linux-pam 0.99.5.0
Linux-pam Linux-pam 0.99.6.0
Linux-pam Linux-pam 0.99.6.1
Linux-pam Linux-pam 0.99.6.2
Linux-pam Linux-pam 0.99.6.3
Linux-pam Linux-pam 0.99.7.0
Linux-pam Linux-pam 0.99.7.1
Linux-pam Linux-pam 0.99.8.0
Linux-pam Linux-pam 0.99.8.1
Linux-pam Linux-pam 0.99.9.0
Linux-pam Linux-pam 0.99.10.0
Linux-pam Linux-pam 1.0.0
Linux-pam Linux-pam 1.0.1
Linux-pam Linux-pam 1.0.2
Linux-pam Linux-pam 1.0.3
Linux-pam Linux-pam 1.0.4
Linux-pam Linux-pam 1.1.0
4.6
CVSSv2
CVE-2009-0579
Linux-PAM prior to 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.
Linux-pam Linux-pam 1.0.1
Linux-pam Linux-pam 0.99.9.0
Linux-pam Linux-pam 0.99.6.3
Linux-pam Linux-pam 0.99.6.1
Linux-pam Linux-pam 0.99.1.0
Linux-pam Linux-pam
Linux-pam Linux-pam 0.99.8.1
Linux-pam Linux-pam 0.99.8.0
Linux-pam Linux-pam 0.99.7.1
Linux-pam Linux-pam 0.99.7.0
Linux-pam Linux-pam 1.0.2
Linux-pam Linux-pam 1.0.0
Linux-pam Linux-pam 0.99.6.2
Linux-pam Linux-pam 0.99.6.0
Linux-pam Linux-pam 0.99.10.0
Linux-pam Linux-pam 1.0.3
Linux-pam Linux-pam 0.99.5.0
Linux-pam Linux-pam 0.99.4.0
Linux-pam Linux-pam 0.99.3.0
Linux-pam Linux-pam 0.99.2.1
Linux-pam Linux-pam 0.99.2.0
4.6
CVSSv2
CVE-2003-0388
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
Andrew Morgan Linux Pam
1 EDB exploit
4.3
CVSSv2
CVE-2013-7041
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for malicious users to guess the password via a brute force attack.
Cristian Gafton Pam Userdb -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »