pam vulnerabilities and exploits
NA
CVE-2010-3430
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissio...
Linux-pam Linux-pam 1.1.2
NA
CVE-2010-3431
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrat...
Linux-pam Linux-pam 1.1.2
NA
CVE-2014-2583
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) P...
Linux-pam Linux-pam 1.1.8
9.8
CVSSv3
CVE-2016-20014
In pam_tacplus.c in pam_tacplus prior to 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
Pam Tacplus Project Pam Tacplus
NA
CVE-2005-2949
pam_per_user prior to 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during ...
Mark D. Roth Pam Per User 0.3
Mark D. Roth Pam Per User 0.1
Mark D. Roth Pam Per User 0.2
NA
CVE-2003-0672
Format string vulnerability in pam-pgsql 0.5.2 and previous versions allows remote malicious users to execute arbitrary code via the username that is provided during authentication, which is not properly handled when recording a log message.
Leon J Breedt Pam-pgsql 0.5.2
Leon J Breedt Pam-pgsql 0.5.1
NA
CVE-2000-0843
Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allows remote malicious users to execute arbitrary commands via a login with a long user name.
Dave Airlie Pam Smb 1.1.5
Luke Kenneth Casson Leighton Pam Ntdom 0.23
NA
CVE-2001-1369
Leon J Breedt pam-pgsql prior to 0.5.2 allows remote malicious users to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.
Leon J Breedt Pam-pgsql 0.5.2
Leon J Breedt Pam-pgsql 0.5.1
9.8
CVSSv3
CVE-2020-10595
pam-krb5 prior to 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to...
Pam-krb5 Project Pam-krb5
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2012-2350
pam_shield prior to 0.9.4: Default configuration does not perform protective action
Pam Shield Project Pam Shield
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0