EUVD-2010-4672

Malware in sbrugna...

EUVD-2022-32773

Malicious code in bioql PyPI...

RHEL 8 : pam (RHSA-2025:10359)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:10359 advisory. Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle...

CVE-2025-6020 Linux-pam: linux-pam directory traversal

A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...

CVE-2010-3431

The privilege-dropping implementation in the 1 pamenv and 2 pammail modules in Linux-PAM aka pam 1.1.2 does not check the return value of the setfsuid system call, which might allow local users to obtain sensitive information by leveraging an unintended uid, as demonstrated by a symlink attack on...

CVE-2009-0579

Linux-PAM before 1.0.4 does not enforce the minimum password age MINDAYS as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified...

pam_unix_passwd.so.txt

Date: Wed, 23 Dec 1998 13:12:45 +0100 From: Michal Zalewski Reply-To: Bugtraq List To: [email protected] Subject: Linux PAM up to 0.64-2 local root compromise As someone said, "Never make any mistaeks." Latest release of Linux Pluggable Authentication Modules pam-0.64-2, as well as previous...