VYPR

Pam

by Linux Pam

CVEs (14)

  • CVE-2024-38492 Cri Jul 15, 2024
    risk 0.61 cvss epss 0.01

    This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.

  • CVE-2024-36456 Cri Jul 15, 2024
    risk 0.61 cvss epss 0.01

    This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.

  • CVE-2025-24505 Hig Jan 30, 2025
    risk 0.57 cvss epss 0.00

    This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.

  • CVE-2022-25625 Hig Aug 26, 2022
    risk 0.57 cvss 8.8 epss 0.01

    A malicious unauthorized PAM user can access the administration configuration data and change the values.

  • CVE-2024-38494 Hig Jul 15, 2024
    risk 0.56 cvss epss 0.01

    This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.

  • CVE-2018-17953 Hig Nov 27, 2018
    risk 0.49 cvss 7.5 epss 0.01

    An incorrect variable in a SUSE-specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).

  • CVE-2010-4708 Jan 24, 2011
    risk 0.00 cvss epss 0.00

    The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check.

  • CVE-2010-3435 Jan 24, 2011
    risk 0.00 cvss epss 0.00

    The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem…

  • CVE-2010-3431 Jan 24, 2011
    risk 0.00 cvss epss 0.00

    The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as…

  • CVE-2010-3430 Jan 24, 2011
    risk 0.00 cvss epss 0.00

    The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the required setfsgid and setgroups system calls, which might allow local users to obtain sensitive information by leveraging unintended group…

  • CVE-2009-0887 Mar 12, 2009
    risk 0.00 cvss epss 0.02

    Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow remote authenticated users to…

  • CVE-2005-2977 Nov 1, 2005
    risk 0.00 cvss epss 0.00

    The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.

  • CVE-2002-1227 Oct 28, 2002
    risk 0.00 cvss epss 0.02

    PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.

  • CVE-1999-0342 Dec 1, 1998
    risk 0.00 cvss epss 0.00

    Linux PAM modules allow local users to gain root access using temporary files.