pam vulnerabilities and exploits
7.8
CVSSv3
CVE-2018-20781
In pam/gkr-pam-module.c in GNOME Keyring prior to 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
Gnome Gnome Keyring
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
NA
CVE-2024-2918
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and previous versions allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request.
7.8
CVSSv3
CVE-2022-37030
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 up to and including 1.x prior to 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.
Grommunio Gromox
NA
CVE-2001-1147
The PAM implementation in /bin/login of the util-linux package prior to 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
Andries Brouwer Util-linux 2.11f
Andries Brouwer Util-linux 2.11i
Andries Brouwer Util-linux 2.11k
Andries Brouwer Util-linux 2.10s
Andries Brouwer Util-linux 2.11h
7
CVSSv3
CVE-2019-3842
In systemd before v242-rc4, pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked ...
Systemd Project Systemd 242
Systemd Project Systemd
Redhat Enterprise Linux 7.0
Fedoraproject Fedora 30
Debian Debian Linux 8.0
1 EDB exploit
9.8
CVSSv3
CVE-2011-4120
Yubico PAM Module prior to 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authent...
Yubico Pam Module
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2023-5240
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.
Devolutions Devolutions Server
NA
CVE-2024-2915
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and previous versions allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.
7.3
CVSSv3
CVE-2017-6967
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.
Neutrinolabs Xrdp 0.9.1
NA
CVE-2024-5072
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and previous versions allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request.