Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pam vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2009-3232
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote malicious users to ...
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
614
VMScore
CVE-2011-3628
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules prior to 1.1.3-2ubuntu2.1 on Ubuntu 11.10, prior to 1.1.2-2ubuntu8.4 on Ubuntu 11.04, prior to 1.1.1-4ubuntu2.4 on Ubuntu 10.10, prior to 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and prior to 0.9...
Canonical Libpam-modules 1.1.2
Canonical Libpam-modules 0.9.7
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 10.10
Canonical Ubuntu Linux 11.04
Canonical Libpam-modules 1.1.1
Canonical Libpam-modules 1.1.3
Canonical Ubuntu Linux 11.10
641
VMScore
CVE-2013-1052
pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo.
Canonical Ubuntu Linux 12.10
755
VMScore
CVE-2012-1502
Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and previous versions allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.
Pypam Pypam
1 EDB exploit
890
VMScore
CVE-2003-0786
The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote malicious users to gain privileges.
Openbsd Openssh 3.7.1p1
Openbsd Openssh 3.7.1
515
VMScore
CVE-2003-0190
OpenSSH-portable (OpenSSH) 3.6.1p1 and previous versions with PAM support enabled immediately sends an error message when a user does not exist, which allows remote malicious users to determine valid usernames via a timing attack.
Openbsd Openssh
Openbsd Openssh 3.6.1
Openpkg Openpkg 1.3
Openpkg Openpkg 1.2
Siemens Scalance X204rna Ecc Firmware
Siemens Scalance X204rna Firmware
3 EDB exploits
641
VMScore
CVE-2018-10380
kwallet-pam in KDE KWallet prior to 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.
Kde Plasma
Debian Debian Linux 9.0
Opensuse Leap 15.0
Opensuse Leap 42.3
668
VMScore
CVE-2003-0787
The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows malicious users to modify the stack and possibly gain privileges.
Openbsd Openssh 3.7.1
Openbsd Openssh 3.7.1p1
NA
CVE-2020-18471
This Metasploit module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 (x86) in Virtual...
445
VMScore
CVE-2019-16058
An issue exists in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme.
Opensc Project Opensc 0.3.0
Opensc Project Opensc 0.2.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »