Lucene search
K

49 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2011-4068

Malware in sbrugna...

9.8CVSS8.9AI score0.02019EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-3854

Malware in sbrugna...

7.5CVSS7.7AI score0.02885EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-18797

Malware in sbrugna...

6.8CVSS6.7AI score0.00333EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-20869

Malware in sbrugna...

8.2CVSS8.1AI score0.01466EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-3074

Malicious code in bioql PyPI...

7.3CVSS8.8AI score0.00397EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-9275

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In checkusertoken in util.c in the Yubico PAM module aka pamyubico 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, whic...

8.2CVSS6.3AI score0.01466EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-12209

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not proper...

7.5CVSS6.2AI score0.02885EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/24 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2019-12210

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is...

8.1CVSS6.8AI score0.0187EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-23013

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deploy...

7.3CVSS8.4AI score0.00397EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/03/13 12:0 a.m.8 views

Vulnerability of the pam_sm_authenticate() function in the Yubico PAM module, pam-u2f, which allows a intruder to elevate their privileges

The vulnerability of the pamsmauthenticate function in the Yubico PAM module, specifically in pam-u2f, is related to the return of an incorrect status code. Exploiting this vulnerability could allow attackers to increase their privileges...

7.8CVSS8AI score0.00397EPSS
Exploits0References3Affected Software2
Gentoo Linux
Gentoo Linux
added 2025/01/23 12:0 a.m.9 views

Yubico pam-u2f: Partial Authentication Bypass

Background Yubico pam-u2f is a PAM module for FIDO2 and U2F keys. Description Multiple vulnerabilities have been discovered in Yubico pam-u2f. Please review the CVE identifiers referenced below for details. Impact Depending on specific settings and usage scenarios the result of the pam-u2f module...

7.3CVSS7.6AI score0.00397EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/01/23 12:0 a.m.14 views

GLSA-202501-04 : Yubico pam-u2f: Partial Authentication Bypass

The remote host is affected by the vulnerability described in GLSA-202501-04 Yubico pam-u2f: Partial Authentication Bypass Multiple vulnerabilities have been discovered in Yubico pam-u2f. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding descripti...

7.3CVSS8.6AI score0.00397EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/01/16 3:48 a.m.5 views

SUSE CVE-2025-23013

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue...

7.8CVSS7AI score0.00397EPSS
Exploits0References9
NVD
NVD
added 2025/01/15 4:15 a.m.8 views

CVE-2025-23013

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue...

7.3CVSS0.00397EPSS
Exploits0References7
CVE
CVE
added 2025/01/15 12:0 a.m.3634 views

CVE-2025-23013

CVE-2025-23013 affects pam-u2f, a PAM module for U2F/U2F devices (e.g., YubiKey) used on Linux/macOS. The issue: pam-u2f does not properly handle PAM_IGNORE return values, allowing local privilege escalation or authentication bypass under certain configurations. Attack requires unprivileged acces...

7.3CVSS7.1AI score0.00397EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2025/01/15 12:0 a.m.7 views

CVE-2025-23013

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue...

7.3CVSS7.1AI score0.00397EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.6 views

SUSE CVE-2018-9275

In checkusertoken in util.c in the Yubico PAM module aka pamyubico 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure serial number of a device and/or DoS reaching the maximum number of file descriptors...

4.4CVSS6.3AI score0.01466EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.2 views

SUSE CVE-2019-12209

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...

4.6CVSS7AI score0.02885EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.4 views

SUSE CVE-2019-12210

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...

6.8CVSS6.6AI score0.0187EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2022/08/10 12:0 a.m.35 views

GLSA-202208-11 : Yubico pam-u2f: Local PIN Bypass vulnerability

The remote host is affected by the vulnerability described in GLSA-202208-11 Yubico pam-u2f: Local PIN Bypass vulnerability - Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not...

6.8CVSS6.9AI score0.00333EPSS
Exploits0References3
Rows per page
Query Builder