Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 30 of 79 results


CVE-2019-16058

Low priority
Needs evaluation

An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096...

1 affected packages

pam-p11

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam-p11 Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2019-12210

Medium priority
Vulnerable

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debug_file, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the...

1 affected packages

pam-u2f

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam-u2f Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2019-12209

Medium priority
Vulnerable

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile (default $HOME/.config/Yubico/u2f_keys) as root (unless openasuser was enabled), and does not properly verify that the path lacks symlinks pointing to other files on...

1 affected packages

pam-u2f

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam-u2f Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2018-17953

Low priority
Not affected

A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).

1 affected packages

pam

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam Not affected Not affected
Show less packages

CVE-2018-11781

Low priority
Fixed

Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.

1 affected packages

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed
Show less packages

CVE-2018-11780

Medium priority
Fixed

A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.

1 affected packages

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed
Show less packages

CVE-2017-15705

Medium priority
Fixed

A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly leading to scan timeouts....

1 affected packages

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed
Show less packages

CVE-2018-10380

Medium priority
Vulnerable

kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.

2 affected packages

kwallet-pam, pam-kwallet

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
kwallet-pam Not affected Not affected Not affected Vulnerable Vulnerable
pam-kwallet Not in release Not in release Not in release Not in release Not in release
Show less packages

CVE-2018-9275

Medium priority
Needs evaluation

In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure (serial number of a device)...

1 affected packages

yubico-pam

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
yubico-pam Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2017-12197

Unknown priority
Fixed

It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access...

1 affected packages

libpam4j

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpam4j Fixed
Show less packages