Search CVE reports
21 – 30 of 79 results
CVE-2019-16058
Low priorityAn issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096...
1 affected packages
pam-p11
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam-p11 | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
CVE-2019-12210
Medium priorityIn Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the...
1 affected packages
pam-u2f
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam-u2f | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2019-12209
Medium priorityYubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on...
1 affected packages
pam-u2f
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam-u2f | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2018-17953
Low priorityA incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).
1 affected packages
pam
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam | — | — | — | Not affected | Not affected |
CVE-2018-11781
Low priorityApache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
1 affected packages
spamassassin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
spamassassin | — | — | — | Fixed | Fixed |
CVE-2018-11780
Medium priorityA potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
1 affected packages
spamassassin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
spamassassin | — | — | — | Fixed | Fixed |
CVE-2017-15705
Medium priorityA denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts....
1 affected packages
spamassassin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
spamassassin | — | — | — | Fixed | Fixed |
CVE-2018-10380
Medium prioritykwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.
2 affected packages
kwallet-pam, pam-kwallet
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
kwallet-pam | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
pam-kwallet | Not in release | Not in release | Not in release | Not in release | Not in release |
CVE-2018-9275
Medium priorityIn check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device)...
1 affected packages
yubico-pam
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
yubico-pam | Not affected | Not affected | Not affected | Needs evaluation | Needs evaluation |
CVE-2017-12197
Unknown priorityIt was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access...
1 affected packages
libpam4j
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libpam4j | — | — | — | — | Fixed |