83 matches found
CVE-2026-8407
CVE-2026-8407 affects Devolutions Server where the PAM module’s authorization is missing. An authenticated user with a PAM license but no additional permissions can craft requests to PAM API endpoints to retrieve OTP secret keys and recovery codes. Impacted versions include Devolutions Server 202...
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization
A flaw was found in util-linux. Improper hostname canonicalization in the login(1) utility, when invoked with the -h option, can modify the supplied remote hostname before setting PAM_RHOST. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing...
CLEANSTART-2026-AX77726 vulnerability was found in PAM
Multiple security vulnerabilities affect the gitlab-shell-fips package. A vulnerability was found in PAM. See references for individual vulnerability details...
Important Photon OS Security Update - PHSA-2025-5.0-0710
Updates of 'Linux-PAM', 'httpd' packages of Photon OS have been released...
Astra Linux - vulnerability in pam
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...
ROS-20251014-02
A vulnerability in the pam_sm_authenticate function of the Yubico pam-u2f PAM module is related to the return of an invalid status code state. Exploitation of the vulnerability could allow an attacker to escalate privileges...
EUVD-1999-1139
Malware in sbrugna...
EUVD-2019-4291
Malware in sbrugna...
EUVD-2001-1439
Malware in sbrugna...
EUVD-2017-2262
Malware in sbrugna...
USN-7806-1: PAM/U2F vulnerability
It was discovered that PAM/U2F could allow for authentication bypass in some configurations. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service...
EUVD-2025-11049
Malicious code in bioql PyPI...
DLA-4306-1 pam - security update
Bulletin has no description...
RHSA-2025:15107 Red Hat Security Advisory: pam security update
Bulletin has no description...
RHSA-2025:15103 Red Hat Security Advisory: pam security update
Bulletin has no description...
RHSA-2025:15102 Red Hat Security Advisory: pam security update
Bulletin has no description...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : pam (SUSE-SU-2025:02970-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02970-1 advisory. - Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234). Tenable has extract...
Security update for pam
This update for pam fixes the following issues: CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path. And keep the bind-mount protection from protect_mount as a defense in depth measure (bsc#1244509). Patch...
Security update for apparmor
This update for apparmor fixes the following issues: Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM (bsc#1241678). Patch Instructions: To install this SUSE update use the SUSE...
CVE-2025-30700
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks...