Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pam vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2002-1227
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote malicious users to gain privileges as disabled users.
Pam Pam 0.76
668
VMScore
CVE-2004-0366
SQL injection vulnerability in the libpam-pgsql library prior to 0.5.2 allows malicious users to execute arbitrary SQL statements.
Pam-pgsql Pam-pgsql
187
VMScore
CVE-2006-5659
PAM_extern prior to 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...
Pam Extern Pam Extern
NA
CVE-2022-28321
The Linux-PAM package prior to 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user wi...
Linux-pam Linux-pam
890
VMScore
CVE-2020-27780
A flaw was found in Linux-Pam in versions before 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Linux-pam Linux-pam
NA
CVE-2024-22365
linux-pam (aka Linux PAM) prior to 1.6.0 allows malicious users to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Linux-pam Linux-pam
445
VMScore
CVE-2009-1384
pam_krb5 2.2.14 up to and including 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames.
Eyrie Pam-krb5 2.2.14
Eyrie Pam-krb5 2.3.4
Eyrie Pam-krb5 2.3
668
VMScore
CVE-2020-27743
libtac in pam_tacplus up to and including 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.
Pam Tacplus Project Pam Tacplus
614
VMScore
CVE-2020-36394
pam_setquota.c in the pam_setquota module prior to 2020-05-29 for Linux-PAM allows local malicious users to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home.
Pam Setquota Project Pam Setquota
516
VMScore
CVE-2014-2583
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) P...
Linux-pam Linux-pam 1.1.8
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »