Advisory ROSA-SA-2025-3101

Software: pam 1.3.1 OS: ROSA Virtualization 2.1 packageevrstring: pam-1.3.1-36.rv3 CVE-ID: CVE-2024-10041 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in PAM allows an attacker to access sensitive information stored in memory through the execution of a victim program by sending...

Amazon Linux 2 : pam, --advisory ALAS2-2025-3057 (ALAS-2025-3057)

The version of pam installed on the remote host is prior to 1.1.8-23. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3057 advisory. A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit...

pam-1.7.1-3.1 on GA media (moderate)

pam-1.7.1-3.1 on GA media Announcement ID: openSUSE-SU-2025:15478-1 Rating: moderate Cross-References: CVE-2024-10041 CVSS scores: CVE-2024-10041 SUSE : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-10041 SUSE : 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N...

OPENSUSE-SU-2025:15477-1 pam-1.7.1-3.1 on GA media

These are all security issues fixed in the pam-1.7.1-3.1 package on the GA media of openSUSE Tumbleweed...

Linux PAM Environment - Variable Injection Local Privilege Escalation

Exploit Title: Linux PAM Environment - Variable Injection Local Privilege Escalation Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: PAM pamenv.so module allows environment variable injection via /.pamenvironment leading to privilege escalation throu...

SUSE CVE-2018-17953

A incorrect variable in a SUSE specific patch for pamaccess rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pamaccess rules not being applied fail open...