Vulmon
pam vulnerabilities and exploits
9.8
CVSSv3
CVE-2016-20014
In pam_tacplus.c in pam_tacplus prior to 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
Pam Tacplus Project Pam Tacplus
7
CVSSv3
CVE-2020-36394
pam_setquota.c in the pam_setquota module prior to 2020-05-29 for Linux-PAM allows local malicious users to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home.
Pam Setquota Project Pam Setquota
NA
CVE-2010-3430
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissio...
Linux-pam Linux-pam 1.1.2
NA
CVE-2010-3431
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrat...
Linux-pam Linux-pam 1.1.2
NA
CVE-2005-2949
pam_per_user prior to 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during ...
Mark D. Roth Pam Per User 0.1
Mark D. Roth Pam Per User 0.2
Mark D. Roth Pam Per User 0.3
NA
CVE-2001-1369
Leon J Breedt pam-pgsql prior to 0.5.2 allows remote malicious users to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.
Leon J Breedt Pam-pgsql 0.5.2
Leon J Breedt Pam-pgsql 0.5.1
NA
CVE-2003-0672
Format string vulnerability in pam-pgsql 0.5.2 and previous versions allows remote malicious users to execute arbitrary code via the username that is provided during authentication, which is not properly handled when recording a log message.
Leon J Breedt Pam-pgsql 0.5.2
Leon J Breedt Pam-pgsql 0.5.1
NA
CVE-2000-0843
Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allows remote malicious users to execute arbitrary commands via a login with a long user name.
Dave Airlie Pam Smb 1.1.5
Luke Kenneth Casson Leighton Pam Ntdom 0.23
8.2
CVSSv3
CVE-2018-9275
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 up to and including 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum numbe...
Yubico Yubico Pam
NA
CVE-2005-0002
poppassd_pam 1.0 and previous versions, when changing a user password, does not verify that the user entered the old password correctly, which allows remote malicious users to change passwords for arbitrary users.
Gentoo Poppassd Pam