Vulnerabilities > Linux PAM > Linux PAM > 1.1.8

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-22365 Unspecified vulnerability in Linux-Pam
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
local
low complexity
linux-pam
5.5
5.5
2022-09-19 CVE-2022-28321 Improper Authentication vulnerability in Linux-Pam
The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins.
network
low complexity
linux-pam CWE-287
critical
 9.8
9.8
2015-08-24 CVE-2015-3238 Information Exposure vulnerability in multiple products
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
network
low complexity
linux-pam oracle CWE-200
6.5
6.5
2014-04-10 CVE-2014-2583 Path Traversal vulnerability in Linux-Pam 1.1.8
Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a ..
network
linux-pam CWE-22
5.8
5.8