pkg:Debian/pam
共 26 筆 CVEHIGH3MEDIUM4
✅ 檢查你的版本
所有已知漏洞
- from 0
- from 0, < 1.4.0-9+deb11u2
- HIGH7.4CVE-2024-10963A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames.from 0, < 1.7.0-5
- MEDIUM6.5CVE-2015-3238The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords,…from 0, < 1.1.8-3.2
- from 0, < 1.4.0-9+deb11u2
- from 0, < 1.4.0-9+deb11u2
- from 0
- —CVE-2013-7041The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the…from 0, < 1.1.8-3.1
- —CVE-2011-3628Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1…from 0, < 1.1.3-7
- —CVE-2014-2583Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users…from 0, < 1.1.8-3.1
- —CVE-2011-3149The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle whe…from 0, < 1.1.3-5
- from 0, < 1.1.1-6.1+squeeze1
- from 0, < 1.1.3-5
- —CVE-2010-4708The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the .pam_environment file in a user's home directory, which might allow l…from 0, < 1.1.3-7.1
- —CVE-2010-4707The check_acl function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not verify that a certain ACL f…from 0, < 1.1.3-1
- —CVE-2010-4706The pam_sm_close_session function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) 1.1.2 and earlier does not properly handle…from 0, < 1.1.3-1
- —CVE-2010-3853pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service…from 0, < 1.1.3-1
- —CVE-2010-3435The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before 1.1.2 use root privileges during read access to files and directorie…from 0, < 1.1.3-1
- —CVE-2010-3431The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not check the return va…from 0, < 1.1.3-1
- —CVE-2010-3430The privilege-dropping implementation in the (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) 1.1.2 does not perform the require…from 0, < 1.1.3-1
- —CVE-2010-3316The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of t…from 0, < 1.1.2-1
- —CVE-2009-3232pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system aut…from 0, < 1.0.1-10
- —CVE-2009-0579Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass…from 0, < 1.0.1-10
- —CVE-2009-0887Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration fi…from 0, < 1.0.1-10
- —CVE-2005-2977The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does n…from 0, < 0.99.7.1-2
- —CVE-2002-1227PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as d…from 0, < 0.76-6