Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

31 – 40 of 79 results


CVE-2017-11737

Unknown priority
Not affected

interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page.

1 affected packages

rspamd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
rspamd Not affected Not in release Not in release
Show less packages

CVE-2016-4422

High priority

Some fixes available 3 of 4

The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth might allow context-dependent attackers to bypass authentication or gain privileges via a system user account.

1 affected packages

libpam-sshauth

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpam-sshauth Fixed
Show less packages

CVE-2015-9542

Medium priority
Fixed

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an...

1 affected packages

libpam-radius-auth

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpam-radius-auth Fixed Fixed
Show less packages

CVE-2015-3238

Low priority

Some fixes available 6 of 8

The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.

1 affected packages

pam

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam Fixed
Show less packages

CVE-2013-0191

Medium priority
Ignored

libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.

1 affected packages

pam-pgsql

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam-pgsql Not affected
Show less packages

CVE-2013-7041

Low priority

Some fixes available 2 of 7

The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.

1 affected packages

pam

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam
Show less packages

CVE-2014-2583

Low priority

Some fixes available 2 of 6

Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1)...

1 affected packages

pam

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam
Show less packages

CVE-2013-1052

High priority
Fixed

pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo.

1 affected packages

pam-xdg-support

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam-xdg-support
Show less packages

CVE-2013-0288

Medium priority

Some fixes available 1 of 6

nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large...

1 affected packages

nss-pam-ldapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
nss-pam-ldapd
Show less packages

CVE-2012-1502

Medium priority

Some fixes available 4 of 5

Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.

1 affected packages

python-pam

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pam
Show less packages