49 matches found
EUVD-2011-4068
Malware in sbrugna...
EUVD-2019-3854
Malware in sbrugna...
EUVD-2021-18797
Malware in sbrugna...
EUVD-2018-20869
Malware in sbrugna...
EUVD-2025-3074
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-9275
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In checkusertoken in util.c in the Yubico PAM module aka pamyubico 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, whic...
Linux Distros Unpatched Vulnerability : CVE-2019-12209
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not proper...
Linux Distros Unpatched Vulnerability : CVE-2019-12210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is...
Linux Distros Unpatched Vulnerability : CVE-2025-23013
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deploy...
Vulnerability of the pam_sm_authenticate() function in the Yubico PAM module, pam-u2f, which allows a intruder to elevate their privileges
The vulnerability of the pamsmauthenticate function in the Yubico PAM module, specifically in pam-u2f, is related to the return of an incorrect status code. Exploiting this vulnerability could allow attackers to increase their privileges...
Yubico pam-u2f: Partial Authentication Bypass
Background Yubico pam-u2f is a PAM module for FIDO2 and U2F keys. Description Multiple vulnerabilities have been discovered in Yubico pam-u2f. Please review the CVE identifiers referenced below for details. Impact Depending on specific settings and usage scenarios the result of the pam-u2f module...
GLSA-202501-04 : Yubico pam-u2f: Partial Authentication Bypass
The remote host is affected by the vulnerability described in GLSA-202501-04 Yubico pam-u2f: Partial Authentication Bypass Multiple vulnerabilities have been discovered in Yubico pam-u2f. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding descripti...
SUSE CVE-2025-23013
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue...
CVE-2025-23013
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue...
CVE-2025-23013
CVE-2025-23013 affects pam-u2f, a PAM module for U2F/U2F devices (e.g., YubiKey) used on Linux/macOS. The issue: pam-u2f does not properly handle PAM_IGNORE return values, allowing local privilege escalation or authentication bypass under certain configurations. Attack requires unprivileged acces...
CVE-2025-23013
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue...
SUSE CVE-2018-9275
In checkusertoken in util.c in the Yubico PAM module aka pamyubico 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure serial number of a device and/or DoS reaching the maximum number of file descriptors...
SUSE CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...
SUSE CVE-2019-12210
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...
GLSA-202208-11 : Yubico pam-u2f: Local PIN Bypass vulnerability
The remote host is affected by the vulnerability described in GLSA-202208-11 Yubico pam-u2f: Local PIN Bypass vulnerability - Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not...