Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pam pam vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-1901
Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable.
NA
CVE-2024-2921
Improper access control in PAM vault permissions in Devolutions Server 2024.1.10.0 and previous versions allows an authenticated user with access to the PAM to access unauthorized PAM entries via a specific set of permissions.
2.1
CVSSv2
CVE-2018-20781
In pam/gkr-pam-module.c in GNOME Keyring prior to 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
Gnome Gnome Keyring
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
4.4
CVSSv2
CVE-2019-3842
In systemd before v242-rc4, it exists that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked ...
Systemd Project Systemd 242
Systemd Project Systemd
Redhat Enterprise Linux 7.0
Fedoraproject Fedora 30
Debian Debian Linux 8.0
1 EDB exploit
NA
CVE-2024-2918
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and previous versions allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request.
NA
CVE-2022-37030
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 up to and including 1.x prior to 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.
Grommunio Gromox
7.2
CVSSv2
CVE-2001-1147
The PAM implementation in /bin/login of the util-linux package prior to 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
Andries Brouwer Util-linux 2.11k
Andries Brouwer Util-linux 2.11i
Andries Brouwer Util-linux 2.11h
Andries Brouwer Util-linux 2.10s
Andries Brouwer Util-linux 2.11f
NA
CVE-2023-5240
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.
Devolutions Devolutions Server
7.5
CVSSv2
CVE-2017-6967
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.
Neutrinolabs Xrdp 0.9.1
NA
CVE-2024-2915
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and previous versions allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »