CVE-2024-10041

all versions

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to

4.7MEDIUM

CVE-2024-22365

< 1.6.0

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because th

5.5MEDIUM

CVE-2022-28321

< 1.5.2-6.1

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so modu

9.8CRITICAL

CVE-2020-27780

>= 1.5.0 and < 1.5.1

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the use

9.8CRITICAL

CVE-2018-17953

all versions

A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enter

7.5HIGH

CVE-2015-3238

<= 1.1.8

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access pa

6.5MEDIUM

CVE-2014-2583

all versions

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow lo

CVE-2011-3149

<= 1.1.4

The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly h

CVE-2011-3148

<= 1.1.4

Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows

CVE-2010-4708

<= 1.1.2

The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which migh

CVE-2010-4707

<= 1.1.2

The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a cert

CVE-2010-4706

<= 1.1.2

The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properl

CVE-2010-3853

<= 1.1.2

pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application o

CVE-2010-3435

<= 1.1.1

The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and d

CVE-2010-3431

all versions

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the

CVE-2010-3430

all versions

The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform th

CVE-2010-3316

<= 1.1.1

The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return va

CVE-2009-0579

<= 1.0.4

Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users t

CVE-2009-0887

<= 1.0.3

Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configu

CVE-2007-0003

all versions

pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/p

CVE-2003-0388

<= 0.77

pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entrie