Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pam pam vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-1227
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote malicious users to gain privileges as disabled users.
Pam Pam 0.76
NA
CVE-2004-0366
SQL injection vulnerability in the libpam-pgsql library prior to 0.5.2 allows malicious users to execute arbitrary SQL statements.
Pam-pgsql Pam-pgsql
5.5
CVSSv3
CVE-2024-22365
linux-pam (aka Linux PAM) prior to 1.6.0 allows malicious users to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Linux-pam Linux-pam
NA
CVE-2006-5659
PAM_extern prior to 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...
Pam Extern Pam Extern
9.8
CVSSv3
CVE-2022-28321
The Linux-PAM package prior to 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user wi...
Linux-pam Linux-pam
9.8
CVSSv3
CVE-2020-27780
A flaw was found in Linux-Pam in versions before 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Linux-pam Linux-pam
NA
CVE-2009-1384
pam_krb5 2.2.14 up to and including 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames.
Eyrie Pam-krb5 2.2.14
Eyrie Pam-krb5 2.3.4
Eyrie Pam-krb5 2.3
NA
CVE-2007-0844
The auth_via_key function in pam_ssh.c in pam_ssh prior to 1.92, when the allow_blank_passphrase option is disabled, allows remote malicious users to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase...
Pam Ssh Pam Ssh 1.91
9.8
CVSSv3
CVE-2016-20014
In pam_tacplus.c in pam_tacplus prior to 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
Pam Tacplus Project Pam Tacplus
NA
CVE-2010-3430
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissio...
Linux-pam Linux-pam 1.1.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »