Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pam vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-1227
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote malicious users to gain privileges as disabled users.
Pam Pam 0.76
NA
CVE-2004-0366
SQL injection vulnerability in the libpam-pgsql library prior to 0.5.2 allows malicious users to execute arbitrary SQL statements.
Pam-pgsql Pam-pgsql
NA
CVE-2006-5659
PAM_extern prior to 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio...
Pam Extern Pam Extern
9.8
CVSSv3
CVE-2020-27780
A flaw was found in Linux-Pam in versions before 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
Linux-pam Linux-pam
5.5
CVSSv3
CVE-2024-22365
linux-pam (aka Linux PAM) prior to 1.6.0 allows malicious users to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Linux-pam Linux-pam
9.8
CVSSv3
CVE-2022-28321
The Linux-PAM package prior to 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user wi...
Linux-pam Linux-pam
NA
CVE-2009-1384
pam_krb5 2.2.14 up to and including 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote malicious users to enumerate valid usernames.
Eyrie Pam-krb5 2.2.14
Eyrie Pam-krb5 2.3.4
Eyrie Pam-krb5 2.3
NA
CVE-2010-3430
The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group permissio...
Linux-pam Linux-pam 1.1.2
7
CVSSv3
CVE-2020-36394
pam_setquota.c in the pam_setquota module prior to 2020-05-29 for Linux-PAM allows local malicious users to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home.
Pam Setquota Project Pam Setquota
NA
CVE-2014-2583
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) P...
Linux-pam Linux-pam 1.1.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »