95 matches found
CVE-2026-11890
The CVE-2026-11890 entry concerns Devolutions Server versions 2026.1.21 and 2026.2.5, where improper access control in PAM account discovery allows an authenticated user to retrieve account discovery scan results. The connected documents confirm affected software and the root cause (in PAM accoun...
CVE-2026-10544
Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects: Devolutions...
PT-2026-47429
Name of the Vulnerable Software and Affected Versions: Devolutions Server version 2026.2.4.0; Devolutions Server versions prior to 2026.1.20.0. Description: Improper neutralization of special elements in the built-in PAM (Privileged Access Management) provider password rotation templates allows an...
CVE-2026-8407
CVE-2026-8407 affects Devolutions Server where the PAM module’s authorization is missing. An authenticated user with a PAM license but no additional permissions can craft requests to PAM API endpoints to retrieve OTP secret keys and recovery codes. Impacted versions include Devolutions Server 202...
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
A flaw was found in util-linux. Improper hostname canonicalization in the login(1) utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAM_RHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...
CLEANSTART-2026-AX77726 vulnerability was found in PAM
Multiple security vulnerabilities affect the gitlab-shell-fips package. A vulnerability was found in PAM. See references for individual vulnerability details...
Important Photon OS Security Update - PHSA-2025-5.0-0710
Updates of 'httpd', 'Linux-PAM' packages of Photon OS have been released...
Astra Linux – Vulnerability in pam
A vulnerability was discovered in PAM. Secret information is stored in memory, and the attacker can trigger the victim’s program to execute by sending characters to its standard input (stdin). During this process, the attacker can instruct the branch predictor to execute a ROP chain speculatively...
ROS-20251014-02
A vulnerability in the pam_sm_authenticate function of the Yubico pam-u2f PAM module is related to the return of an invalid status code state. Exploitation of the vulnerability could allow an attacker to escalate privileges...
EUVD-1999-1139
Malware in sbrugna...
EUVD-2019-4291
Malware in sbrugna...
EUVD-2017-2262
Malware in sbrugna...
EUVD-2001-1439
Malware in sbrugna...
USN-7806-1: PAM/U2F vulnerability
It was discovered that PAM/U2F could allow for authentication bypass in some configurations. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service...
EUVD-2025-11049
Malicious code in bioql PyPI...
DLA-4306-1 pam - security update
Bulletin has no description...
RHSA-2025:15107 Red Hat Security Advisory: pam security update
Bulletin has no description...
RHSA-2025:15103 Red Hat Security Advisory: pam security update
Bulletin has no description...
RHSA-2025:15102 Red Hat Security Advisory: pam security update
Bulletin has no description...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : pam (SUSE-SU-2025:02970-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02970-1 advisory. - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234). Tenable has extract...