Lucene search
K

3494 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.5 views

Siemens RuggedCom Rox Path Traversal (CVE-2025-6020)

A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. This plugin only works with Tenable.ot. Please visit...

7.8CVSS7AI score0.0039EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50784

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description A symlink race condition exists in the creation of per-device and per-user pad directories. The software employs a check-then-act pattern, where it calls lstat to verify existence and subsequently...

5.8CVSS5.9AI score0.00084EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50771

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description An infinite loop Denial of Service DoS occurs during the process-tree walk when a parent process exits during authentication. The function usb get process parent id fails to initialize the ppid...

4.7CVSS5.9AI score0.00104EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.17 views

PT-2026-50782

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description pam usb provides hardware authentication for Linux using removable media. The software calls the xmlReadFile function with flags=0 when loading the configuration file, which allows libxml2 to process...

6.7CVSS5.8AI score0.00115EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.34 views

PT-2026-50769

Name of the Vulnerable Software and Affected Versions pam usb versions 0.9.1 and earlier Description The xfree memory release helper calls free without zeroing buffer contents first. This results in heap-allocated buffers containing sensitive data, such as one-time pad bytes read from disk, being...

4.7CVSS6AI score0.00109EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/16 6:24 p.m.20 views

CVE-2026-11890

Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results...

0.00162EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-54411

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in...

8.2CVSS6AI score0.00321EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/14 5:21 p.m.10 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.3AI score0.00321EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/14 5:21 p.m.24 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS0.00321EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/14 5:21 p.m.7 views

CVE-2026-54411

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.3AI score0.00321EPSS
Exploits0
EUVD
EUVD
added 2026/06/14 5:21 p.m.12 views

EUVD-2026-36662

Linux-PAM through 1.7.2 contains an observable timing discrepancy CWE-208 in the pamuserdb module's plaintext-password comparison path in modules/pamuserdb/pamuserdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the...

8.2CVSS5.4AI score0.00321EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.15 views

PT-2026-49134

Name of the Vulnerable Software and Affected Versions Linux-PAM versions prior to 1.7.3 Description A timing discrepancy exists in the pam userdb module's plaintext-password comparison path within modules/pam userdb/pam userdb.c. A local or network-adjacent attacker can recover the plaintext...

8.2CVSS5.3AI score0.00321EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2026/06/12 6:17 p.m.35 views

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade

Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant , says it backdoored the PAM and OpenSSH components that decide who is allowed to sign i...

6.7CVSS5.8AI score0.04271EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.10 views

Devolutions Server < 2026.1.21.0 / 2026.2.4.0 < 2026.2.5.0 Multiple Vulnerabilities (DEVO-2026-0015)

The version of Devolutions Server installed on the remote host is prior to 2026.1.21.0 or 2026.2.4.0 prior to 2026.2.5.0. It is, therefore, affected by multiple vulnerabilities, including: - Improper neutralization of special elements in the built-in PAM provider password rotation templates in...

6.5CVSS6AI score0.00196EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/08 6:26 p.m.8 views

CVE-2026-10544

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

5.9AI score0.00196EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 6:26 p.m.24 views

CVE-2026-10544

This CVE (CVE-2026-10544) affects Devolutions Server, specifically versions 2026.2.4.0 and 2026.1.20.0 and earlier. The issue is described as improper neutralization of special elements in the built-in PAM provider password rotation templates, allowing an authenticated user with write access to a...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/08 6:26 p.m.13 views

EUVD-2026-35184

Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider. This issue affects : Devolutions...

6.5CVSS5.9AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.11 views

Devolutions Server 命令注入漏洞

Devolutions Server is an application system developed by the Canadian company Devolutions. It provides a fully functional solution for shared accounts and password management. Versions of Devolutions Server such as 2026.2.4.0, 2026.1.20.0, and earlier versions had a vulnerability related to...

6.5CVSS6.2AI score0.00196EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.10.1 : util-linux (EulerOS-SA-2026-2038)

According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was found in util-linux. Improper hostname canonicalization in the login1 utility, when invoked with the -h option, can...

5.3CVSS5.5AI score0.00436EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.11 views

CVE-2026-7325

Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provider service account via authentication relay to an attacker-controlled server. This issue affects :...

7.1CVSS5.5AI score0.00176EPSS
Exploits0References1
Rows per page
Query Builder