Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
linux-pam linux-pam vulnerabilities and exploits
(subscribe to this query)
891
VMScore
CVE-2019-5021
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of t...
Gliderlabs Docker-alpine
Opensuse Leap 15.0
Opensuse Leap 15.1
F5 Big-ip Controller 1.2.1
3 Github repositories
890
VMScore
CVE-2020-27780
A flaw was found in Linux-Pam in versions before 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Linux-pam Linux-pam
828
VMScore
CVE-2018-17953
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
Kernel Linux-pam 1.3.0
700
VMScore
CVE-2010-0832
pam_motd (aka the MOTD module) in libpam-modules prior to 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules prior to 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's hom...
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 9.10
2 EDB exploits
641
VMScore
CVE-2010-4708
The pam_env module in Linux-PAM (aka pam) 1.1.2 and previous versions reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.
Linux-pam Linux-pam 1.0.0
Linux-pam Linux-pam 0.99.9.0
Linux-pam Linux-pam 0.99.6.0
Linux-pam Linux-pam 0.99.6.1
Linux-pam Linux-pam 0.99.1.0
Linux-pam Linux-pam 0.99.2.0
Linux-pam Linux-pam 0.99.2.1
Linux-pam Linux-pam 1.0.4
Linux-pam Linux-pam 1.0.1
Linux-pam Linux-pam 1.1.0
Linux-pam Linux-pam 0.99.5.0
Linux-pam Linux-pam 0.99.8.0
Linux-pam Linux-pam 0.99.8.1
Linux-pam Linux-pam 1.0.3
Linux-pam Linux-pam 0.99.6.2
Linux-pam Linux-pam 0.99.6.3
Linux-pam Linux-pam 0.99.3.0
Linux-pam Linux-pam 0.99.4.0
Linux-pam Linux-pam 0.99.10.0
Linux-pam Linux-pam 1.1.1
Linux-pam Linux-pam 1.0.2
Linux-pam Linux-pam 0.99.7.0
1 Github repository
641
VMScore
CVE-2007-0003
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent malicious users to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
Andrew Morgan Linux Pam 0.99.7.0
614
VMScore
CVE-2020-36394
pam_setquota.c in the pam_setquota module prior to 2020-05-29 for Linux-PAM allows local malicious users to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home.
Pam Setquota Project Pam Setquota
614
VMScore
CVE-2010-3853
pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) prior to 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on...
Linux-pam Linux-pam 1.0.4
Linux-pam Linux-pam 1.0.2
Linux-pam Linux-pam 1.1.0
Linux-pam Linux-pam 0.99.7.1
Linux-pam Linux-pam 0.99.8.0
Linux-pam Linux-pam 1.0.3
Linux-pam Linux-pam 1.1.1
Linux-pam Linux-pam 0.99.6.3
Linux-pam Linux-pam 0.99.7.0
Linux-pam Linux-pam 0.99.4.0
Linux-pam Linux-pam
Linux-pam Linux-pam 0.99.9.0
Linux-pam Linux-pam 0.99.8.1
Linux-pam Linux-pam 0.99.6.1
Linux-pam Linux-pam 0.99.6.2
Linux-pam Linux-pam 0.99.2.1
Linux-pam Linux-pam 0.99.3.0
Linux-pam Linux-pam 1.0.1
Linux-pam Linux-pam 1.0.0
Linux-pam Linux-pam 0.99.5.0
Linux-pam Linux-pam 0.99.6.0
Linux-pam Linux-pam 0.99.10.0
587
VMScore
CVE-2009-0887
Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and previous versions, when a configuration file contains non-ASCII usernames, might allow remote malicious users to cause a denial of service, and might allow remote authentica...
Linux-pam Linux-pam 0.99.1.0
Linux-pam Linux-pam 0.99.2.0
Linux-pam Linux-pam 0.99.2.1
Linux-pam Linux-pam 0.99.3.0
Linux-pam Linux-pam 0.99.4.0
Linux-pam Linux-pam 0.99.5.0
Linux-pam Linux-pam 0.99.6.0
Linux-pam Linux-pam 0.99.6.1
Linux-pam Linux-pam 0.99.6.2
Linux-pam Linux-pam 0.99.6.3
Linux-pam Linux-pam 0.99.7.0
Linux-pam Linux-pam 0.99.7.1
Linux-pam Linux-pam 0.99.8.0
Linux-pam Linux-pam 0.99.8.1
Linux-pam Linux-pam 0.99.9.0
Linux-pam Linux-pam 0.99.10.0
Linux-pam Linux-pam 1.0.0
Linux-pam Linux-pam 1.0.1
Linux-pam Linux-pam 1.0.2
Linux-pam Linux-pam
552
VMScore
CVE-1999-0342
Linux PAM modules allow local users to gain root access using temporary files.
Pam Pam
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »