Search CVE reports
11 – 20 of 79 results
CVE-2020-27780
High priorityA flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password...
1 affected packages
pam
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam | — | — | Not affected | Not affected | Not affected |
CVE-2020-27743
Medium prioritylibtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.
1 affected packages
libpam-tacplus
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libpam-tacplus | Not in release | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2020-13881
Low prioritySome fixes available 3 of 11
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
1 affected packages
libpam-tacplus
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libpam-tacplus | Not in release | Needs evaluation | Fixed | Fixed | Fixed |
CVE-2020-10595
Medium prioritypam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a...
1 affected packages
libpam-krb5
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libpam-krb5 | — | — | — | Fixed | Fixed |
CVE-2020-1931
Medium priorityA command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and...
1 affected packages
spamassassin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
spamassassin | — | — | — | Fixed | Fixed |
CVE-2020-1930
Medium priorityA command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched,...
1 affected packages
spamassassin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
spamassassin | — | — | — | Fixed | Fixed |
CVE-2019-12420
Medium priorityIn Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.
1 affected packages
spamassassin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
spamassassin | — | — | — | Fixed | Fixed |
CVE-2018-11805
Medium priorityIn Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we...
1 affected packages
spamassassin
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
spamassassin | — | — | — | Fixed | Fixed |
CVE-2012-2350
Medium prioritypam_shield before 0.9.4: Default configuration does not perform protective action
1 affected packages
pam-shield
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam-shield | — | — | — | — | Not affected |
CVE-2019-16729
Medium prioritySome fixes available 2 of 4
pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.
1 affected packages
pam-python
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
pam-python | — | — | Not affected | Fixed | Fixed |