Vulmon
pam vulnerabilities and exploits
7.5
CVSSv2
CVE-2020-27743
libtac in pam_tacplus up to and including 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.
Pam Tacplus Project Pam Tacplus
6.4
CVSSv2
CVE-2007-0844
The auth_via_key function in pam_ssh.c in pam_ssh prior to 1.92, when the allow_blank_passphrase option is disabled, allows remote malicious users to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase...
Pam Ssh Pam Ssh 1.91
6.9
CVSSv2
CVE-2020-36394
pam_setquota.c in the pam_setquota module prior to 2020-05-29 for Linux-PAM allows local malicious users to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home.
Pam Setquota Project Pam Setquota
5.8
CVSSv2
CVE-2014-2583
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) P...
Linux-pam Linux-pam 1.1.8
7.5
CVSSv2
CVE-2005-2949
pam_per_user prior to 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during ...
Mark D. Roth Pam Per User 0.1
Mark D. Roth Pam Per User 0.2
Mark D. Roth Pam Per User 0.3
7.5
CVSSv2
CVE-2003-0672
Format string vulnerability in pam-pgsql 0.5.2 and previous versions allows remote malicious users to execute arbitrary code via the username that is provided during authentication, which is not properly handled when recording a log message.
Leon J Breedt Pam-pgsql 0.5.2
Leon J Breedt Pam-pgsql 0.5.1
7.5
CVSSv2
CVE-2001-1369
Leon J Breedt pam-pgsql prior to 0.5.2 allows remote malicious users to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.
Leon J Breedt Pam-pgsql 0.5.2
Leon J Breedt Pam-pgsql 0.5.1
10
CVSSv2
CVE-2000-0843
Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allows remote malicious users to execute arbitrary commands via a login with a long user name.
Dave Airlie Pam Smb 1.1.5
Luke Kenneth Casson Leighton Pam Ntdom 0.23
6.4
CVSSv2
CVE-2018-9275
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 up to and including 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum numbe...
Yubico Yubico Pam
10
CVSSv2
CVE-2005-0002
poppassd_pam 1.0 and previous versions, when changing a user password, does not verify that the user entered the old password correctly, which allows remote malicious users to change passwords for arbitrary users.
Gentoo Poppassd Pam