Pam Tacplus Project CVE

Filtered by vendor Pam Tacplus Project Subscribe

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2016-20014	1 Pam Tacplus Project	1 Pam Tacplus	2022-05-02	7.5 HIGH	9.8 CRITICAL
In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
CVE-2020-27743	1 Pam Tacplus Project	1 Pam Tacplus	2020-11-02	7.5 HIGH	9.8 CRITICAL
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.

Vulnerabilities (CVE)