Vulnerabilities > Linux PAM > Linux PAM > 0.99.6.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-06 | CVE-2024-22365 | Unspecified vulnerability in Linux-Pam linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY. | 5.5 |
2022-09-19 | CVE-2022-28321 | Improper Authentication vulnerability in Linux-Pam The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. | 9.8 |
2015-08-24 | CVE-2015-3238 | Information Exposure vulnerability in multiple products The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. | 6.5 |
2011-01-24 | CVE-2010-4708 | Unspecified vulnerability in Linux-Pam The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment by executing a program that relies on the pam_env PAM check. | 7.2 |
2011-01-24 | CVE-2010-3853 | Unspecified vulnerability in Linux-Pam pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM check, as demonstrated by the sudo program. local linux-pam | 6.9 |
2009-04-16 | CVE-2009-0579 | Permissions, Privileges, and Access Controls vulnerability in Linux-Pam Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified. | 4.6 |