Vulmon
pam vulnerabilities and exploits
668
VMScore
CVE-2016-20014
In pam_tacplus.c in pam_tacplus prior to 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
Pam Tacplus Project Pam Tacplus
418
VMScore
CVE-2010-3430
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissio...
Linux-pam Linux-pam 1.1.2
169
VMScore
CVE-2010-3431
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrat...
Linux-pam Linux-pam 1.1.2
570
VMScore
CVE-2007-0844
The auth_via_key function in pam_ssh.c in pam_ssh prior to 1.92, when the allow_blank_passphrase option is disabled, allows remote malicious users to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase...
Pam Ssh Pam Ssh 1.91
668
VMScore
CVE-2005-2949
pam_per_user prior to 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during ...
Mark D. Roth Pam Per User 0.1
Mark D. Roth Pam Per User 0.2
Mark D. Roth Pam Per User 0.3
668
VMScore
CVE-2003-0672
Format string vulnerability in pam-pgsql 0.5.2 and previous versions allows remote malicious users to execute arbitrary code via the username that is provided during authentication, which is not properly handled when recording a log message.
Leon J Breedt Pam-pgsql 0.5.2
Leon J Breedt Pam-pgsql 0.5.1
890
VMScore
CVE-2000-0843
Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allows remote malicious users to execute arbitrary commands via a login with a long user name.
Dave Airlie Pam Smb 1.1.5
Luke Kenneth Casson Leighton Pam Ntdom 0.23
668
VMScore
CVE-2001-1369
Leon J Breedt pam-pgsql prior to 0.5.2 allows remote malicious users to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.
Leon J Breedt Pam-pgsql 0.5.2
Leon J Breedt Pam-pgsql 0.5.1
890
VMScore
CVE-2005-0002
poppassd_pam 1.0 and previous versions, when changing a user password, does not verify that the user entered the old password correctly, which allows remote malicious users to change passwords for arbitrary users.
Gentoo Poppassd Pam
570
VMScore
CVE-2018-9275
In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 up to and including 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device) and/or DoS (reaching the maximum numbe...
Yubico Yubico Pam