Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pam vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2002-1227
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote malicious users to gain privileges as disabled users.
Pam Pam 0.76
2.1
CVSSv2
CVE-2006-5659
PAM_extern prior to 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...
Pam Extern Pam Extern
NA
CVE-2022-28321
The Linux-PAM package prior to 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user wi...
Linux-pam Linux-pam
7.5
CVSSv2
CVE-2004-0366
SQL injection vulnerability in the libpam-pgsql library prior to 0.5.2 allows malicious users to execute arbitrary SQL statements.
Pam-pgsql Pam-pgsql
10
CVSSv2
CVE-2020-27780
A flaw was found in Linux-Pam in versions before 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Linux-pam Linux-pam
NA
CVE-2024-22365
linux-pam (aka Linux PAM) prior to 1.6.0 allows malicious users to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Linux-pam Linux-pam
5
CVSSv2
CVE-2009-1384
pam_krb5 2.2.14 up to and including 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames.
Eyrie Pam-krb5 2.2.14
Eyrie Pam-krb5 2.3.4
Eyrie Pam-krb5 2.3
7.5
CVSSv2
CVE-2016-20014
In pam_tacplus.c in pam_tacplus prior to 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
Pam Tacplus Project Pam Tacplus
4.7
CVSSv2
CVE-2010-3430
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissio...
Linux-pam Linux-pam 1.1.2
1.9
CVSSv2
CVE-2010-3431
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrat...
Linux-pam Linux-pam 1.1.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »