Lucene search

12 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux – Vulnerability in pam-pkcs11

PAM-PKCS11 is a Linux-PAM login module that enables user login using X.509 certificates. Prior to version 0.6.13, if cert_policy was set to none (the default value), then pam_pkcs11 would only check whether the user was capable of logging into the token. An attacker could create a new token using the...

CVSS 9.2, AI score 7.7, EPSS 0.00677
Exploits 0, References 2
RedhatCVE
added 2026/04/20 7:22 p.m., 8 views

CVE-2026-23776

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60, contains an Improper Certificate Validation vulnerability in...

CVSS 8.8, AI score 5.8, EPSS 0.00222
Exploits 0, References 1
SUSE CVE
added 2025/02/12 3:47 a.m., 6 views

SUSE CVE-2025-24031

PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, pam_get_pwd will never initialize the password...

CVSS 3.3, AI score 7.1, EPSS 0.00139
Exploits 0, References 7
NVD
added 2025/02/10 4:15 p.m., 6 views

CVE-2025-24032

PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...

CVSS 9.2, EPSS 0.00677
Exploits 0, References 8
OSV
added 2025/02/10 4:15 p.m., 3 views

UBUNTU-CVE-2025-24031

PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, pam_get_pwd will never initialize the password...

CVSS 5.1, AI score 6, EPSS 0.00139
Exploits 0, References 5
CVE
added 2025/02/10 3:43 p.m., 814 views

CVE-2025-24032

PAM-PKCS#11 (Linux-PAM) vulnerability CVE-2025-24032 affects pam_pkcs11-0.6.0 and later up to 0.6.12/0.6.13 era, where the default cert_policy of none may bypass private-key signature checks. An attacker could create a token containing the user’s public data (e.g., certificate) and a known PIN an...

CVSS 9.2, AI score 7.7, EPSS 0.00677
Exploits 0, References 8
OSV
added 2025/02/10 3:43 p.m., 11 views

CVE-2025-24032 PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`)

PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...

CVSS 9.2, AI score 7.4, EPSS 0.00677
Exploits 0, References 10
Vulnrichment
added 2024/09/02 11:3 a.m., 12 views

CVE-2024-5148 Gnome-remote-desktop: inadequate validation of session agents using d-bus methods may expose rdp tls certificate

A flaw was found in the gnome-remote-desktop package. The gnome-remote-desktop system daemon performs inadequate validation of session agents using D-Bus methods related to transitioning a client connection from the login screen to the user session. As a result, the system RDP TLS certificate and...

CVSS 7.5, AI score 6.7, EPSS 0.00569
Exploits 0, References 3
SUSE CVE
added 2023/02/15 4:48 a.m., 6 views

SUSE CVE-2017-6590

An issue was discovered in network-manager-applet aka network-manager-gnome in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation...

CVSS 6.3, AI score 7, EPSS 0.00269
Exploits 1, References 3
OSV
added 2018/02/15 9:29 p.m., 4 views

UBUNTU-CVE-2011-4973

Authentication bypass vulnerability in mod_nss 1.0.8 allows remote attackers to assume the identity of a valid user by using their certificate and entering 'password' as the password...

CVSS 9.8, AI score 5.8, EPSS 0.01018
Exploits 0, References 4
UbuntuCve
added 2017/03/09 7:59 p.m., 12 views

CVE-2017-6590

An issue was discovered in network-manager-applet aka network-manager-gnome in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation...

CVSS 6.9, AI score 6.8, EPSS 0.00269
Exploits 1, References 4
Drupal
added 2011/10/12 12:0 a.m., 11 views

SA-CONTRIB-2011-048 - Certificate Login SQL Injection

The Certificate login module provides client certificate authentication of Drupal users. The authentication is based on the client certificate's data fields, which are then used as the user name for authentication. The obtained data isn't properly sanitized using Drupal's database API, which may...

AI score 8.3
Exploits 0, References 9