Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pam pam vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2003-0388
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
Andrew Morgan Linux Pam
1 EDB exploit
7.2
CVSSv2
CVE-2007-0003
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent malicious users to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
Andrew Morgan Linux Pam 0.99.7.0
6.8
CVSSv2
CVE-2011-0438
nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote malicious users to bypass authentication.
Arthurdejong Nss-pam-ldapd 0.8.0
5
CVSSv2
CVE-2009-1273
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote malicious users to enumerate usernames.
Andrew J.korty Pam Ssh 1.92
7.2
CVSSv2
CVE-2019-16729
pam-python prior to 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.
Pam-python Project Pam-python
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
1 Github repository
4.6
CVSSv2
CVE-2021-31924
Yubico pam-u2f prior to 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence (touch) or cryptographic signature verification to be bypassed, so an attacker would st...
Yubico Pam-u2f
Fedoraproject Fedora 34
Fedoraproject Fedora 35
4.3
CVSSv2
CVE-2020-13881
In support.c in pam_tacplus 1.3.8 up to and including 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
Pam Tacplus Project Pam Tacplus
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Arista Cloudvision Portal
5
CVSSv2
CVE-2000-0668
pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.
Conectiva Linux 4.0
Conectiva Linux 4.0es
Michael K. Johnson Pam Console 0.66
Michael K. Johnson Pam Console 0.72 Unpatched
Conectiva Linux 4.1
Conectiva Linux 4.2
Conectiva Linux 5.0
Conectiva Linux 5.1
Redhat Linux 6.0
Redhat Linux 6.2
Redhat Linux 6.1
1 EDB exploit
5
CVSSv2
CVE-2015-9542
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and cr...
Freeradius Pam Radius 1.4.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
6.9
CVSSv2
CVE-2010-0832
pam_motd (aka the MOTD module) in libpam-modules prior to 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules prior to 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's hom...
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 9.10
2 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »