Lucene search
+L

4 matches found

OSV
OSV
added 2026/06/14 5:21 p.m.5 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS6AI score0.00333EPSS
Exploits0References6
OSV
OSV
added 2025/11/11 12:0 a.m.10 views

ALSA-2025:20181 Important: pam security update

Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: linux-pam: Linux-pam directory Traversal CVE-2025-6020 For more details about the security issues, including the impact, a CVSS...

7.8CVSS6.7AI score0.00399EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.3 views

SUSE CVE-2010-3853

pamnamespace.c in the pamnamespace module in Linux-PAM aka pam before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pamnamespace PAM...

6.9CVSS7.1AI score0.00416EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2010/11/01 7:45 p.m.8 views

pam: pam_env and pam_mail accessing users' file with root privileges

The 1 pamenv and 2 pammail modules in Linux-PAM aka pam before 1.1.2 use root privileges during read access to files and directories that belong to arbitrary user accounts, which might allow local users to obtain sensitive information by leveraging this filesystem activity, as demonstrated by a...

4.7CVSS5.8AI score0.00356EPSS
Exploits0References4
Rows per page
Query Builder