Lucene search
+L

193 matches found

NVD
NVD
added 4 days ago5 views

CVE-2026-15637

Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the credential identifier...

7.5CVSS0.00192EPSS
Exploits0References1
CVE
CVE
added 2026/06/14 5:21 p.m.58 views

CVE-2026-54411

Linux-PAM up to 1.7.2 is affected by a timing side-channel in the pam_userdb plaintext-password comparison path (modules/pam_userdb/pam_userdb.c). When configured with crypt=none, an unrecognized crypt method, or without a crypt= argument, credentials are stored/compared in plaintext. The compari...

8.2CVSS5.4AI score0.00321EPSS
Exploits0References4
OSV
OSV
added 2026/06/14 5:21 p.m.5 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS6AI score0.00321EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

EulerOS 2.0 SP11 : util-linux (EulerOS-SA-2026-2231)

According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the...

5.3CVSS5.5AI score0.00436EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/21 1:12 p.m.12 views

CVE-2026-44073

A flaw was found in Netatalk. A remote attacker with low privileges could exploit a vulnerability where the seteuid system call failure is ignored within authentication modules. This oversight may allow the attacker to perform unauthorized actions, leading to a low impact on confidentiality,...

5CVSS5.8AI score0.00277EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 8:16 a.m.24 views

CVE-2026-44073

Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain elevated privileges under error conditions...

5CVSS0.00277EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 7:35 a.m.8 views

CVE-2026-44073 seteuid failure ignored in auth modules

Authentication modules in Netatalk 1.5.0 through 4.4.2 fail to check the return value of seteuid, which may allow a remote authenticated attacker to retain elevated privileges under error conditions...

5CVSS5.8AI score0.00277EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 7:35 a.m.36 views

CVE-2026-44073

Netatalk 1.5.0–4.4.2 contains a vulnerability where seteuid() return values were not checked in authentication modules, potentially allowing a remote authenticated attacker to retain elevated privileges under error conditions. The issue is fixed in Netatalk 4.5.0. Impact is described as elevation...

5CVSS5.8AI score0.00277EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/08 8:41 a.m.35 views

New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials

Cybersecurity researchers have disclosed details of a new Linux backdoor named PamDOORa that's being advertised on the Rehub Russian cybercrime forum for $1,600 by a threat actor called "darkworm." The backdoor is designed as a Pluggable Authentication Module PAM-based post-exploitation toolkit...

5.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/15 6:35 p.m.7 views

CVE-2026-6245

A flaw was found in the System Security Services Daemon SSSD. The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/15 6:35 p.m.75 views

CVE-2026-6245 Sssd: out-of-bounds read in the sssd

A flaw was found in the System Security Services Daemon SSSD. The pampasskeychildreaddata function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an...

5.5CVSS0.00141EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/09 1:57 a.m.3 views

util-linux: util-linux: Access control bypass due to improper hostname canonicalization

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

5.3CVSS6.1AI score0.00436EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/03 9:31 p.m.7 views

EUVD-2026-18817

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

3.7CVSS5.9AI score0.00436EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 7:17 p.m.7 views

UBUNTU-CVE-2026-3184

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

5.3CVSS5.8AI score0.00436EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/03 6:43 p.m.5 views

CVE-2026-3184

A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAMRHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...

3.7CVSS5.9AI score0.00436EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/03/23 4:48 p.m.7 views

Security update for util-linux

This update for util-linux fixes the following issues: CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for "login -h" bsc1258859. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

6.3CVSS5.8AI score0.00436EPSS
Exploits0References4
NVD
NVD
added 2026/03/20 1:16 p.m.5 views

CVE-2026-4434

Improper certificate validation in the PAM propagation WinRM connections allows a network attacker to perform a man-in-the-middle attack via disabled TLS certificate verification...

8.1CVSS0.00144EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.7 views

Devolutions Server 安全漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server prior to 2025.3.15 contained a security vulnerability caused by improper execution of...

9.8CVSS5.9AI score0.00447EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: pam (CVE-2024-10963)

The version of pam installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-10963 advisory. - A flaw was found in pamaccess, where certain rules in its configuration file are mistakenly treated as hostname...

7.4CVSS8.1AI score0.00791EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 4 : pam-1.1.1-13.AXS4 (AXSA:2013-122:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-122:01 advisory. PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to...

4.6CVSS7AI score0.00696EPSS
Exploits0References3
Rows per page
Query Builder