15 matches found
EUVD-2011-4068
Malware in sbrugna...
EUVD-2018-20869
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-9275
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In checkusertoken in util.c in the Yubico PAM module aka pamyubico 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, whic...
Vulnerability of the pam_sm_authenticate() function in the Yubico PAM module, pam-u2f, which allows a intruder to elevate their privileges
The vulnerability of the pamsmauthenticate function in the Yubico PAM module, specifically in pam-u2f, is related to the return of an incorrect status code. Exploiting this vulnerability could allow attackers to increase their privileges...
SUSE CVE-2025-23013
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue...
CVE-2011-4120
Yubico PAM Module before 2.10 performed user authentication when 'usefirstpass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the...
CVE-2011-4120
Yubico PAM Module before 2.10 performed user authentication when 'usefirstpass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the...
Design/Logic Flaw
Yubico PAM Module before 2.10 performed user authentication when 'usefirstpass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the...
CVE-2011-4120
Yubico PAM Module before 2.10 performed user authentication when 'usefirstpass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the...
DEBIAN-CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...
CVE-2018-9275
In checkusertoken in util.c in the Yubico PAM module aka pamyubico 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure serial number of a device and/or DoS reaching the maximum number of file descriptors...
DEBIAN-CVE-2018-9275
In checkusertoken in util.c in the Yubico PAM module aka pamyubico 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure serial number of a device and/or DoS reaching the maximum number of file descriptors...
Information disclosure
In checkusertoken in util.c in the Yubico PAM module aka pamyubico 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure serial number of a device and/or DoS reaching the maximum number of file descriptors...
CVE-2018-9275
In checkusertoken in util.c in the Yubico PAM module aka pamyubico 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure serial number of a device and/or DoS reaching the maximum number of file descriptors...
CVE-2018-9275
In checkusertoken in util.c in the Yubico PAM module aka pamyubico 2.18 through 2.25, successful logins can leak file descriptors to the auth mapping file, which can lead to information disclosure serial number of a device and/or DoS reaching the maximum number of file descriptors...