Vulnerabilities > Linux PAM > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-02-06 CVE-2024-22365 Unspecified vulnerability in Linux-Pam
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
local
low complexity
linux-pam
5.5
5.5
2015-08-24 CVE-2015-3238 Information Exposure vulnerability in multiple products
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
network
low complexity
linux-pam oracle CWE-200
6.5
6.5