Vulmon
pam pam vulnerabilities and exploits
6.5
CVSSv3
CVE-2019-12700
A vulnerability in the configuration of the Pluggable Authentication Module (PAM) used in Cisco Firepower Threat Defense (FTD) Software, Cisco Firepower Management Center (FMC) Software, and Cisco FXOS Software could allow an authenticated, remote malicious user to cause a denial...
Cisco Firepower 9300 Firmware R114
Cisco Firepower 9300 Firmware R241
Cisco Firepower Extensible Operating System
Cisco Firepower Management Center
Cisco Firepower Threat Defense
7.8
CVSSv3
CVE-2019-16729
pam-python prior to 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.
Pam-python Project Pam-python
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
1 Github repository
7.5
CVSSv3
CVE-2019-16058
An issue exists in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme.
Opensc Project Opensc 0.3.0
Opensc Project Opensc 0.2.0
7.5
CVSSv3
CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is ...
Yubico Pam-u2f 1.0.7
8.1
CVSSv3
CVE-2019-12210
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read fro...
Yubico Pam-u2f 1.0.7
4.3
CVSSv3
CVE-2019-10319
A missing permission check in Jenkins PAM Authentication Plugin 1.5 and previous versions, except 1.4.1, in PamSecurityRealm.DescriptorImpl#doTest allowed users with Overall/Read permission to obtain limited information about the file /etc/shadow and the user Jenkins is running as...
Jenkins Pluggable Authentication Module 1.2
Jenkins Pluggable Authentication Module 1.1
Jenkins Pluggable Authentication Module 1.0
Jenkins Pluggable Authentication Module 1.4
Jenkins Pluggable Authentication Module 1.5
Jenkins Pluggable Authentication Module 1.3
9.8
CVSSv3
CVE-2019-5021
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of t...
Gliderlabs Docker-alpine
Opensuse Leap 15.0
Opensuse Leap 15.1
F5 Big-ip Controller 1.2.1
3 Github repositories
7
CVSSv3
CVE-2019-3842
In systemd before v242-rc4, pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked ...
Systemd Project Systemd 242
Systemd Project Systemd
Redhat Enterprise Linux 7.0
Fedoraproject Fedora 30
Debian Debian Linux 8.0
1 EDB exploit
6.8
CVSSv3
CVE-2018-20340
Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the af...
Yubico Libu2f-host 1.1.6
Debian Debian Linux 9.0
7.8
CVSSv3
CVE-2018-20781
In pam/gkr-pam-module.c in GNOME Keyring prior to 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
Gnome Gnome Keyring
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository