32 matches found
EUVD-2021-18797
Malware in sbrugna...
EUVD-2019-3854
Malware in sbrugna...
EUVD-2025-3074
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-12209
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not proper...
Linux Distros Unpatched Vulnerability : CVE-2019-12210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is...
Linux Distros Unpatched Vulnerability : CVE-2025-23013
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deploy...
Yubico pam-u2f: Partial Authentication Bypass
Background Yubico pam-u2f is a PAM module for FIDO2 and U2F keys. Description Multiple vulnerabilities have been discovered in Yubico pam-u2f. Please review the CVE identifiers referenced below for details. Impact Depending on specific settings and usage scenarios the result of the pam-u2f module...
GLSA-202501-04 : Yubico pam-u2f: Partial Authentication Bypass
The remote host is affected by the vulnerability described in GLSA-202501-04 Yubico pam-u2f: Partial Authentication Bypass Multiple vulnerabilities have been discovered in Yubico pam-u2f. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding descripti...
CVE-2025-23013
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue...
CVE-2025-23013
CVE-2025-23013 affects pam-u2f, a PAM module for U2F/U2F devices (e.g., YubiKey) used on Linux/macOS. The issue: pam-u2f does not properly handle PAM_IGNORE return values, allowing local privilege escalation or authentication bypass under certain configurations. Attack requires unprivileged acces...
CVE-2025-23013
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module PAM that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue...
SUSE CVE-2019-12209
Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...
SUSE CVE-2019-12210
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...
GLSA-202208-11 : Yubico pam-u2f: Local PIN Bypass vulnerability
The remote host is affected by the vulnerability described in GLSA-202208-11 Yubico pam-u2f: Local PIN Bypass vulnerability - Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not...
CVE-2021-31924
Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...
CVE-2021-31924
Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...
Yubico pam-u2f 授权问题漏洞
Yubico pam-u2f is a portable authentication module for U2F. An authorization issue vulnerability exists in Yubico pam-u2f versions prior to 1.1.1, which stems from a logical issue with pam-u2f that could lead to a local PIN bypass depending on the application that pam-u2f is configured and used i...
Yubico pam-u2f information disclosure vulnerability
Yubico pam-u2f is a portable authentication module for U2F. An information disclosure vulnerability exists in Yubico pam-u2f version 1.0.7. The vulnerability stems from an error in configuration or other errors in the operation of a networked system or product. An unauthorized attacker could...
Yubico pam-u2f information disclosure vulnerability
Yubico pam-u2f is a portable authentication module for U2F. An information disclosure vulnerability exists in Yubico pam-u2f version 1.0.7. The vulnerability stems from an error in configuration or other errors in the operation of a networked system or product. An unauthorized attacker could...
Design/Logic Flaw
In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...