Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 20 of 78 results


CVE-2020-27743

Medium priority
Needs evaluation

libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.

1 affected packages

libpam-tacplus

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpam-tacplus Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2020-13881

Low priority

Some fixes available 3 of 11

In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.

1 affected packages

libpam-tacplus

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpam-tacplus Not in release Needs evaluation Fixed Fixed Fixed
Show less packages

CVE-2020-10595

Medium priority
Fixed

pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a...

1 affected packages

libpam-krb5

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libpam-krb5 Fixed Fixed
Show less packages

CVE-2020-1931

Medium priority
Fixed

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and...

1 affected packages

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed
Show less packages

CVE-2020-1930

Medium priority
Fixed

A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious rule configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. With this bug unpatched,...

1 affected packages

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed
Show less packages

CVE-2019-12420

Medium priority
Fixed

In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources. Upgrading to SA 3.4.3 as soon as possible is the recommended fix but details will not be shared publicly.

1 affected packages

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed
Show less packages

CVE-2018-11805

Medium priority
Fixed

In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we...

1 affected packages

spamassassin

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
spamassassin Fixed Fixed
Show less packages

CVE-2012-2350

Medium priority
Ignored

pam_shield before 0.9.4: Default configuration does not perform protective action

1 affected packages

pam-shield

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam-shield Not affected
Show less packages

CVE-2019-16729

Medium priority

Some fixes available 2 of 4

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups.

1 affected packages

pam-python

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam-python Not affected Fixed Fixed
Show less packages

CVE-2019-16058

Low priority
Needs evaluation

An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096...

1 affected packages

pam-p11

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pam-p11 Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages