Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 79 results


CVE-2024-10963

Medium priority
Vulnerable

A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining...

1 affected packages

pam

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-10041

Medium priority
Vulnerable

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train...

1 affected packages

pam

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2024-22365

Medium priority
Fixed

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

1 affected packages

pam

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam Fixed Fixed Fixed Fixed
Show less packages

CVE-2023-3326

Low priority
Vulnerable

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a...

2 affected packages

libpam-krb5, sssd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpam-krb5 Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
sssd Vulnerable Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2022-28321

Negligible priority
Fixed

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not...

1 affected packages

pam

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam Fixed Fixed Fixed Fixed
Show less packages

CVE-2016-20014

Low priority
Needs evaluation

In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.

1 affected packages

libpam-tacplus

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpam-tacplus Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2021-32762

Negligible priority
Needs evaluation

Redis is an open source, in-memory database that persists on disk. The redis-cli command line tool and redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies....

7 affected packages

discque, hiredis, nginx, python-hiredis, redis...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
discque Not in release Not in release Not in release Not in release Ignored
hiredis Not affected Not affected Not affected Not affected Needs evaluation
nginx Not affected Not affected Not affected Not affected Not affected
python-hiredis Not affected Not affected Not affected Not affected Needs evaluation
redis Not affected Not affected Not affected Not affected Needs evaluation
rspamd Not affected Not affected Not affected Not in release Ignored
webdis Not affected Not affected Not affected Not in release Needs evaluation
Show all 7 packages Show less packages

CVE-2020-36394

Low priority
Ignored

pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted...

1 affected packages

pam

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-31924

Medium priority
Needs evaluation

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence (touch) or cryptographic signature...

1 affected packages

pam-u2f

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam-u2f Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-1946

Medium priority
Fixed

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to...

1 affected packages

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed Fixed
Show less packages