Lucene search
K

3494 matches found

CVE
CVE
added 2026/05/27 7:58 p.m.20 views

CVE-2026-48065

The CVE-2026-48065 issue affects pam_usb for Linux prior to version 0.9.1. In src/conf.c, heap memory is allocated as size proportional to n_devices (derived from libxml2 XPath on the config file) without an upper bound. On 32-bit targets (armv7l, i686 listed in the Makefile), n_devices * sizeof(...

6.7CVSS5.9AI score0.00149EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 7:58 p.m.43 views

CVE-2026-48065 pam_usb: Unchecked integer multiplication before xmalloc() in conf.c allows heap-based buffer overflow on 32-bit targets

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to ndevices, a count derived from libxml2 XPath evaluation of the config file, without first enforcing an upper bound. On 32-bit targets armv7l, i686 --...

6.7CVSS0.00149EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 7:58 p.m.11 views

CVE-2026-48065 pam_usb: Unchecked integer multiplication before xmalloc() in conf.c allows heap-based buffer overflow on 32-bit targets

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to ndevices, a count derived from libxml2 XPath evaluation of the config file, without first enforcing an upper bound. On 32-bit targets armv7l, i686 --...

6.7CVSS5.9AI score0.00149EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 7:57 p.m.43 views

CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS0.00116EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 7:57 p.m.16 views

CVE-2026-48066

pam_usb fixes a thread-unsafe behavior: before 0.9.1, src/log.c used a process-wide static pointer written on every PAM invocation to a stack-local address, creating a data race when PAM is invoked concurrently by multiple threads. The issue is resolved in version 0.9.1. Affected component: pam_u...

5.7CVSS5.8AI score0.00116EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 7:57 p.m.9 views

CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS5.8AI score0.00116EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 7:55 p.m.11 views

CVE-2026-48792 pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...

4.4CVSS5.8AI score0.00128EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:55 p.m.10 views

CVE-2026-48792

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...

4.4CVSS5.8AI score0.00128EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/27 7:55 p.m.39 views

CVE-2026-48792 pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...

4.4CVSS0.00128EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 7:55 p.m.15 views

CVE-2026-48792

The connected sources confirm a vulnerability in pam_usb for Linux prior to 0.9.1: evdev.c silently ignores EACCES when opening /dev/input/event* nodes, causing pusb_has_virtual_input_device() to incorrectly report no virtual devices even if opens fail due to insufficient permissions. As a result...

4.4CVSS5.8AI score0.00128EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

pam_usb 参数注入漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 contained a parameter injection vulnerability. This vulnerability stems from the use of specially crafted UUIDs in configurations e.g., $id/tmp/rce,...

8.2CVSS6.2AI score0.00154EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

pam_usb 安全漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 contain security vulnerabilities. These vulnerabilities stem from the code in src/tmux.c, which reads the user’s $TMUX environment variable and insert...

8.8CVSS6AI score0.00158EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.9 views

PT-2026-44087

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam usb helper tools resolved external binaries through the PATH environment variable rather than using absolute paths. An attacker who can influence the process environment during PAM...

6.3CVSS5.9AI score0.00141EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-44084

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc, xrealloc, and xstrdup using assertdata != NULL. The C standard specifies that all assert expressions are compiled out when NDEBUG is defined a...

5.1CVSS5.8AI score0.00122EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

pam_usb 代码问题漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.0 have code vulnerabilities. These vulnerabilities stem from multiple auxiliary tools resolving external binary files through the PATH environment...

6.3CVSS6AI score0.00141EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.20 views

PT-2026-44115

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.0 Description This issue occurs in the deny remote feature of the PAM module, which is loaded into host processes such as sudo, login, GDM, and GNOME Shell. In multi-threaded environments like GDM, three functions...

6.3CVSS5.9AI score0.00108EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

pam_usb 访问控制错误漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.0 contained an access control vulnerability; this vulnerability stemmed from the denyremote function, which only checks the first 32-bit word of utaddrv...

7.4CVSS5.8AI score0.00307EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.7 views

pam_usb 代码问题漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.0 have code vulnerabilities. These vulnerabilities arise from assertions being compiled and removed during memory allocation failures, leading to null...

5.1CVSS5.9AI score0.00122EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

pam_usb 安全漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.1 contained security vulnerabilities. These vulnerabilities occurred when the denyremote setting was set to false, causing the PAMRHOST check to be...

8.1CVSS5.8AI score0.00342EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

pam_usb 授权问题漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 have a vulnerability related to authorization issues. This vulnerability stems from symbolic link attacks involving the pad directory and pad files,...

7.9CVSS5.8AI score0.00166EPSS
Exploits0References1
Rows per page
Query Builder