Search CVE reports


Toggle filters

11 – 20 of 81 results


CVE-2021-31924

Medium priority
Needs evaluation

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence (touch) or cryptographic signature...

1 affected package

pam-u2f

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam-u2f Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-1946

Medium priority
Fixed

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to...

1 affected package

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed Fixed
Show less packages

CVE-2020-27780

High priority
Not affected

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn't exist PAM try to authenticate with root and in the case of an empty password...

1 affected package

pam

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam Not affected Not affected Not affected
Show less packages

CVE-2020-27743

Medium priority
Needs evaluation

libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.

1 affected package

libpam-tacplus

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpam-tacplus Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-13881

Low priority

Some fixes available 3 of 11

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

1 affected package

libpam-tacplus

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpam-tacplus Not in release Needs evaluation Fixed Fixed Fixed
Show less packages

CVE-2020-10595

Medium priority
Fixed

pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a...

1 affected package

libpam-krb5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpam-krb5 Fixed Fixed
Show less packages

CVE-2020-1931

Medium priority
Fixed

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and...

1 affected package

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed
Show less packages

CVE-2020-1930

Medium priority
Fixed

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched,...

1 affected package

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed
Show less packages

CVE-2019-12420

Medium priority
Fixed

In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.

1 affected package

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed
Show less packages

CVE-2018-11805

Medium priority
Fixed

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we...

1 affected package

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed
Show less packages