Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pam pam vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-7041
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for malicious users to guess the password via a brute force attack.
Cristian Gafton Pam Userdb -
NA
CVE-2009-1273
pam_ssh 1.92 and possibly other versions, as used when PAM is compiled with USE=ssh, generates different error messages depending on whether the username is valid or invalid, which makes it easier for remote malicious users to enumerate usernames.
Andrew J.korty Pam Ssh 1.92
NA
CVE-2007-0003
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent malicious users to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
Andrew Morgan Linux Pam 0.99.7.0
NA
CVE-2011-0438
nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote malicious users to bypass authentication.
Arthurdejong Nss-pam-ldapd 0.8.0
7.8
CVSSv3
CVE-2019-16729
pam-python prior to 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.
Pam-python Project Pam-python
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
1 Github repository
6.8
CVSSv3
CVE-2021-31924
Yubico pam-u2f prior to 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence (touch) or cryptographic signature verification to be bypassed, so an attacker would st...
Yubico Pam-u2f
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv3
CVE-2020-13881
In support.c in pam_tacplus 1.3.8 up to and including 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
Pam Tacplus Project Pam Tacplus
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 20.04
Arista Cloudvision Portal
NA
CVE-2000-0668
pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.
Conectiva Linux 4.0
Conectiva Linux 4.0es
Michael K. Johnson Pam Console 0.66
Michael K. Johnson Pam Console 0.72 Unpatched
Conectiva Linux 4.1
Conectiva Linux 4.2
Conectiva Linux 5.0
Conectiva Linux 5.1
Redhat Linux 6.0
Redhat Linux 6.2
Redhat Linux 6.1
1 EDB exploit
7.5
CVSSv3
CVE-2015-9542
add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and cr...
Freeradius Pam Radius 1.4.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
NA
CVE-2010-0832
pam_motd (aka the MOTD module) in libpam-modules prior to 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules prior to 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's hom...
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 9.10
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »