Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pam pam vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is ...
Yubico Pam-u2f 1.0.7
605
VMScore
CVE-2011-0438
nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote malicious users to bypass authentication.
Arthurdejong Nss-pam-ldapd 0.8.0
641
VMScore
CVE-2007-0003
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent malicious users to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
Andrew Morgan Linux Pam 0.99.7.0
445
VMScore
CVE-2009-1273
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote malicious users to enumerate usernames.
Andrew J.korty Pam Ssh 1.92
641
VMScore
CVE-2019-16729
pam-python prior to 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.
Pam-python Project Pam-python
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
1 Github repository
409
VMScore
CVE-2021-31924
Yubico pam-u2f prior to 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence (touch) or cryptographic signature verification to be bypassed, so an attacker would st...
Yubico Pam-u2f
Fedoraproject Fedora 34
Fedoraproject Fedora 35
383
VMScore
CVE-2020-13881
In support.c in pam_tacplus 1.3.8 up to and including 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
Pam Tacplus Project Pam Tacplus
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Arista Cloudvision Portal
505
VMScore
CVE-2000-0668
pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.
Conectiva Linux 4.0
Conectiva Linux 4.0es
Michael K. Johnson Pam Console 0.66
Michael K. Johnson Pam Console 0.72 Unpatched
Conectiva Linux 4.1
Conectiva Linux 4.2
Conectiva Linux 5.0
Conectiva Linux 5.1
Redhat Linux 6.0
Redhat Linux 6.2
Redhat Linux 6.1
1 EDB exploit
445
VMScore
CVE-2015-9542
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and cr...
Freeradius Pam Radius 1.4.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
700
VMScore
CVE-2010-0832
pam_motd (aka the MOTD module) in libpam-modules prior to 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules prior to 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's hom...
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 9.10
2 EDB exploits
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
CVE-2023-52162
CVE-2024-23670
CVE-2024-5404
man-in-the-middle
CVE-2024-5214
CVE-2024-4358
CVE-2024-20696
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »