from 0
from 0, < 1.4.0-9+deb11u2
HIGH7.4CVE-2024-10963A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. from 0, < 1.7.0-5
MEDIUM6.5The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords,…
from 0, < 1.1.8-3.2
MEDIUM5.5pam - security update
from 0, < 1.4.0-9+deb11u2
MEDIUM5.5pam - security update
from 0, < 1.4.0-9+deb11u2
MEDIUM4.7A vulnerability was found in PAM.
from 0
—The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the…
from 0, < 1.1.8-3.1
—Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1…
from 0, < 1.1.3-7
—Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users…
from 0, < 1.1.8-3.1
—The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle whe…
from 0, < 1.1.3-5
—pam - several
from 0, < 1.1.1-6.1+squeeze1
—pam - several
from 0, < 1.1.3-5
—The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow l…
from 0, < 1.1.3-7.1
—The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL f…
from 0, < 1.1.3-1
—The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle…
from 0, < 1.1.3-1
—pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service…
from 0, < 1.1.3-1
—The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directorie…
from 0, < 1.1.3-1
—The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return va…
from 0, < 1.1.3-1
—The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the require…
from 0, < 1.1.3-1
—The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of t…
from 0, < 1.1.2-1
—pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system aut…
from 0, < 1.0.1-10
—Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass…
from 0, < 1.0.1-10
—Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration fi…
from 0, < 1.0.1-10
—The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does n…
from 0, < 0.99.7.1-2
—PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as d…
from 0, < 0.76-6