Vulmon
pam vulnerabilities and exploits
187
VMScore
CVE-2018-20781
In pam/gkr-pam-module.c in GNOME Keyring prior to 3.27.2, the user's password is kept in a session-child process spawned from the LightDM daemon. This can expose the credential in cleartext.
Gnome Gnome Keyring
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
NA
CVE-2022-37030
Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 up to and including 1.x prior to 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module.
Grommunio Gromox
NA
CVE-2024-2918
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.6 and previous versions allows an attacker with access to the PAM JIT elevation feature to forge the displayed group in the PAM JIT elevation checkout request via a specially crafted request.
641
VMScore
CVE-2001-1147
The PAM implementation in /bin/login of the util-linux package prior to 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
Andries Brouwer Util-linux 2.11f
Andries Brouwer Util-linux 2.11i
Andries Brouwer Util-linux 2.11k
Andries Brouwer Util-linux 2.10s
Andries Brouwer Util-linux 2.11h
445
VMScore
CVE-2019-3842
In systemd before v242-rc4, pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked ...
Systemd Project Systemd 242
Systemd Project Systemd
Redhat Enterprise Linux 7.0
Fedoraproject Fedora 30
Debian Debian Linux 8.0
1 EDB exploit
668
VMScore
CVE-2011-4120
Yubico PAM Module prior to 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authent...
Yubico Pam Module
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
NA
CVE-2023-5240
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.
Devolutions Devolutions Server
NA
CVE-2024-2915
Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and previous versions allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.
668
VMScore
CVE-2017-6967
xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass.
Neutrinolabs Xrdp 0.9.1
NA
CVE-2024-5072
Improper input validation in PAM JIT elevation feature in Devolutions Server 2024.1.11.0 and previous versions allows an authenticated user with access to the PAM JIT elevation feature to manipulate the LDAP filter query via a specially crafted request.