Vulnerabilities > Linux PAM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-23 | CVE-2024-10041 | Insecure Storage of Sensitive Information vulnerability in Linux-Pam A vulnerability was found in PAM. | 4.7 |
| 2024-02-06 | CVE-2024-22365 | Unspecified vulnerability in Linux-Pam linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | 5.5 |
| 2022-09-19 | CVE-2022-28321 | Improper Authentication vulnerability in Linux-Pam The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. | 9.8 |
| 2020-12-18 | CVE-2020-27780 | Improper Authentication vulnerability in Linux-Pam 1.5.0 A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. | 10.0 |
| 2015-08-24 | CVE-2015-3238 | Information Exposure vulnerability in multiple products The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. | 6.5 |
| 2014-04-10 | CVE-2014-2583 | Path Traversal vulnerability in Linux-Pam 1.1.8 Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. | 5.8 |
| 2011-01-24 | CVE-2010-4708 | Unspecified vulnerability in Linux-Pam The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check. | 7.2 |
| 2011-01-24 | CVE-2010-3853 | Unspecified vulnerability in Linux-Pam pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program. local linux-pam | 6.9 |
| 2009-04-16 | CVE-2009-0579 | Permissions, Privileges, and Access Controls vulnerability in Linux-Pam Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified. | 4.6 |