Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pam vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-10595
pam-krb5 prior to 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to...
Pam-krb5 Project Pam-krb5
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2012-2350
pam_shield prior to 0.9.4: Default configuration does not perform protective action
Pam Shield Project Pam Shield
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
8.1
CVSSv3
CVE-2019-12210
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read fro...
Yubico Pam-u2f 1.0.7
NA
CVE-2002-0374
Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows malicious users to execute arbitrary code via format strings in the configuration file name.
Padl Software Pam Ldap
NA
CVE-2013-7041
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for malicious users to guess the password via a brute force attack.
Cristian Gafton Pam Userdb -
NA
CVE-2005-2641
Unknown vulnerability in pam_ldap prior to 180 does not properly handle a new password policy control, which could allow malicious users to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate.
Padl Software Pam Ldap
7.5
CVSSv3
CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is ...
Yubico Pam-u2f 1.0.7
NA
CVE-2013-4285
A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, which allows local users to obtain sensitive information by reading system memory.
Dkorunic Pam S\\/key -
NA
CVE-2003-0388
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
Andrew Morgan Linux Pam
1 EDB exploit
NA
CVE-2003-0734
Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system.
Padl Software Pam Ldap
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »