CVE Tools

linux-pam

Operating Systemsoss-project

13

Cumulative CVEs

5

Monthly snapshots

#19

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting linux-pam.

CVE-2026-54411Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or n...5.9Jun 14, 2026
CVE-2024-10041Pam: libpam: libpam vulnerable to read hashed password4.7Oct 23, 2024
CVE-2024-22365linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.5.5Feb 6, 2024
CVE-2022-28321The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pam_access.so module doesn't correctly restrict login if a user tries to connect from...9.8Sep 19, 2022
CVE-2020-27780A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case o...9.8Dec 17, 2020
CVE-2015-3238The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denia...6.5Aug 24, 2015
CVE-2014-2583Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authenticati...5.8Apr 10, 2014
CVE-2011-3149The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allow...2.1Jul 22, 2012
CVE-2011-3148Stack-based buffer overflow in the _assemble_line function in modules/pam_env/pam_env.c in Linux-PAM (aka pam) before 1.1.5 allows local users to cause a denial of service (crash) and possibly exec...4.6Jul 22, 2012
CVE-2010-4708The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow local users to run programs with an unintended environment ...7.2Jan 24, 2011
CVE-2010-4707The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL file is a regular file, which might allow local users to ca...4.9Jan 24, 2011
CVE-2010-4706The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle a failure to determine a certain target uid, which might a...4.9Jan 24, 2011
CVE-2010-3853pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which migh...6.9Jan 24, 2011
CVE-2010-3435The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allo...4.7Jan 24, 2011
CVE-2010-3431The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return value of the setfsuid system call, which might allow local u...1.9Jan 24, 2011