Search CVE reports
1 – 10 of 79 results
CVE-2024-10963
Medium priorityA flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining...
1 affected packages
pam
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2024-10041
Medium priorityA vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train...
1 affected packages
pam
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2024-22365
Medium prioritylinux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
1 affected packages
pam
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam | — | Fixed | Fixed | Fixed | Fixed |
CVE-2023-3326
Low prioritypam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a...
2 affected packages
libpam-krb5, sssd
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libpam-krb5 | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
sssd | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |
CVE-2022-28321
Negligible priorityThe Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not...
1 affected packages
pam
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam | — | Fixed | Fixed | Fixed | Fixed |
CVE-2016-20014
Low priorityIn pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
1 affected packages
libpam-tacplus
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libpam-tacplus | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2021-32762
Negligible priorityRedis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies....
7 affected packages
discque, hiredis, nginx, python-hiredis, redis...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
discque | Not in release | Not in release | Not in release | Not in release | Ignored |
hiredis | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
nginx | Not affected | Not affected | Not affected | Not affected | Not affected |
python-hiredis | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
redis | Not affected | Not affected | Not affected | Not affected | Needs evaluation |
rspamd | Not affected | Not affected | Not affected | Not in release | Ignored |
webdis | Not affected | Not affected | Not affected | Not in release | Needs evaluation |
CVE-2020-36394
Low prioritypam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted...
1 affected packages
pam
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam | — | Not affected | Not affected | Not affected | Not affected |
CVE-2021-31924
Medium priorityYubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence (touch) or cryptographic signature...
1 affected packages
pam-u2f
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam-u2f | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-1946
Medium priorityIn Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to...
1 affected packages
spamassassin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
spamassassin | — | — | Fixed | Fixed | Fixed |