CVE-1999-0342

Linux PAM modules allow local users to gain root access using temporary files...

Security Bulletin: Vulnerability in linux-pam affects IBM Netezza Appliance

Summary The linux-pam package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-8941 Vulnerability Details CVEID:CVE-2025-8941 DESCRIPTION: A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.1.1.1)

The version of AOS installed on the remote host is prior to 7.1.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.1.1.1 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely...

Advisory ROSA-SA-2025-3089

Software: pam 1.1.8 OS: rosa-server79 unaffected versions = pam-1.1.8-23.0.3.res7 affected versions pam-1.1.8-23.0.3.res7 CVE-ID: CVE-2025-6020 BDU-ID: 2025-07273 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pamnamespace module of the Linux-PAM authentication module is caused by a race...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10.1.11)

The version of AOS installed on the remote host is prior to 6.10.1.11. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10.1.11 advisory. - Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely...

AlmaLinux 10 : pam (ALSA-2025:20181)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:20181 advisory. linux-pam: Linux-pam directory Traversal CVE-2025-6020 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note...

EulerOS 2.0 SP13 : pam (EulerOS-SA-2025-2442)

According to the versions of the pam packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks a...

Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-2452)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-2442)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Siemens SIMATIC S7-1500 Improper Authentication (CVE-2022-28321)

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for SSH logins. The pamaccess.so module doesn't correctly restrict login if a user tries to connect from an IP address that is not resolvable via DNS. In such conditions, a user with denied access to a...

linux-pam: Linux-pam directory Traversal

A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...

Amazon Linux 2023 : pam, pam-devel (ALAS2023-2025-1257)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1257 advisory. A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to...

Medium: pam

Issue Overview: A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. CVE-2025-8941 Affected...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-22365)

linux-pam aka Linux PAM before 1.6.0 allows attackers to cause a denial of service blocked login process via mkfifo because the openat call for protectdir lacks ODIRECTORY. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

NewStart CGSL MAIN 7.02 : pam Vulnerability (NS-SA-2025-0252)

The remote NewStart CGSL host, running version MAIN 7.02, has pam packages installed that are affected by a vulnerability: - A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to...

EulerOS 2.0 SP13 : pam (EulerOS-SA-2025-2273)

According to the versions of the pam packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevat...

Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-2305)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for pam (EulerOS-SA-2025-2273)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

TencentOS Server 3: pam (TSSA-2025:0777)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0777 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

EulerOS 2.0 SP11 : pam (EulerOS-SA-2025-2207)

According to the versions of the pam package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks an...