Linux Pam
Products
9- 23 CVEs
- 14 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
35| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-38492 | Cri | 0.61 | — | 0.01 | Jul 15, 2024 | This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||
| CVE-2024-36456 | Cri | 0.61 | — | 0.01 | Jul 15, 2024 | This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||
| CVE-2025-24505 | Hig | 0.57 | — | 0.00 | Jan 30, 2025 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. | ||
| CVE-2024-38494 | Hig | 0.56 | — | 0.01 | Jul 15, 2024 | This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | ||
| CVE-2025-6020 | Hig | 0.51 | 7.8 | 0.00 | Jun 17, 2025 | A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. | ||
| CVE-2024-10963 | Hig | 0.48 | 7.4 | 0.01 | Nov 7, 2024 | A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems… | ||
| CVE-2015-3238 | Med | 0.42 | 6.5 | 0.03 | Aug 24, 2015 | The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. | ||
| CVE-2026-54411 | Med | 0.38 | 5.9 | 0.00 | Jun 14, 2026 | Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling… | ||
| CVE-2024-22365 | Med | 0.36 | 5.5 | 0.00 | Feb 6, 2024 | linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | ||
| CVE-2016-4982 | Med | 0.31 | 4.7 | 0.00 | Jul 17, 2017 | authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it. | ||
| CVE-2003-0388 | 0.03 | — | 0.01 | Jul 24, 2003 | pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name. | |||
| CVE-2000-0843 | 0.01 | — | 0.07 | Nov 14, 2000 | Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allow remote attackers to execute arbitrary commands via a login with a long user name. | |||
| CVE-2022-28321 | 0.00 | — | 0.01 | Sep 19, 2022 | The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with… | |||
| CVE-2022-25625 | 0.00 | — | 0.01 | Aug 26, 2022 | A malicious unauthorized PAM user can access the administration configuration data and change the values. | |||
| CVE-2020-36394 | 0.00 | — | 0.00 | Jun 22, 2021 | pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home. | |||
| CVE-2020-27780 | 0.00 | — | 0.02 | Dec 17, 2020 | A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate. | |||
| CVE-2018-17953 | 0.00 | — | 0.01 | Nov 27, 2018 | A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open). | |||
| CVE-2013-7041 | 0.00 | — | 0.02 | May 8, 2014 | The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. | |||
| CVE-2014-2583 | 0.00 | — | 0.04 | Apr 10, 2014 | Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2)… | |||
| CVE-2011-3149 | 0.00 | — | 0.01 | Jul 22, 2012 | The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption). |
- risk 0.61cvss —epss 0.01
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
- risk 0.61cvss —epss 0.01
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
- risk 0.57cvss —epss 0.00
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.
- risk 0.56cvss —epss 0.01
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
- risk 0.51cvss 7.8epss 0.00
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
- risk 0.48cvss 7.4epss 0.01
A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems…
- risk 0.42cvss 6.5epss 0.03
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
- risk 0.38cvss 5.9epss 0.00
Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling…
- risk 0.36cvss 5.5epss 0.00
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
- risk 0.31cvss 4.7epss 0.00
authd sets weak permissions for /etc/ident.key, which allows local users to obtain the key by leveraging a race condition between the creation of the key, and the chmod to protect it.
- CVE-2003-0388Jul 24, 2003risk 0.03cvss —epss 0.01
pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name.
- CVE-2000-0843Nov 14, 2000risk 0.01cvss —epss 0.07
Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allow remote attackers to execute arbitrary commands via a login with a long user name.
- CVE-2022-28321Sep 19, 2022risk 0.00cvss —epss 0.01
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with…
- CVE-2022-25625Aug 26, 2022risk 0.00cvss —epss 0.01
A malicious unauthorized PAM user can access the administration configuration data and change the values.
- CVE-2020-36394Jun 22, 2021risk 0.00cvss —epss 0.00
pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home.
- CVE-2020-27780Dec 17, 2020risk 0.00cvss —epss 0.02
A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate.
- CVE-2018-17953Nov 27, 2018risk 0.00cvss —epss 0.01
A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
- CVE-2013-7041May 8, 2014risk 0.00cvss —epss 0.02
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.
- CVE-2014-2583Apr 10, 2014risk 0.00cvss —epss 0.04
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2)…
- CVE-2011-3149Jul 22, 2012risk 0.00cvss —epss 0.01
The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption).