Lucene search
+L

19 matches found

openvas
openvas
added 2025/06/04 12:0 a.m.7 views

SUSE: Security Advisory (SUSE-SU-2025:0689-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.2CVSS5.2AI score0.00681EPSS
Exploits0References5
openvas
openvas
added 2025/03/21 12:0 a.m.8 views

Ubuntu: Security Advisory (USN-7363-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.2CVSS7.1AI score0.00681EPSS
Exploits0References2
ubuntu
ubuntu
added 2025/03/20 6:43 p.m.8 views

USN-7363-1: PAM-PKCS#11 vulnerabilities

Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS11 did not properly handle certain return codes when authentication was not possible. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. CVE-2025-24531 It was...

9.2CVSS7.7AI score0.00681EPSS
Exploits0
osv
osv
added 2025/03/20 6:43 p.m.5 views

USN-7363-1 pam-pkcs11 vulnerabilities

Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS11 did not properly handle certain return codes when authentication was not possible. An attacker could possibly use this issue to bypass authentication. This issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. CVE-2025-24531 It was...

9.2CVSS5.8AI score0.00681EPSS
Exploits0References3
nessus
nessus
added 2025/03/20 12:0 a.m.7 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : PAM-PKCS#11 vulnerabilities (USN-7363-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7363-1 advisory. Marcus Rckert and Matthias Gerstner discovered that PAM-PKCS11 did not properly handle certain...

9.2CVSS7.8AI score0.00681EPSS
Exploits0References3
nessus
nessus
added 2025/03/06 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-24032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if certpolicy is set to none the default value...

9.2CVSS7.3AI score0.00681EPSS
Exploits0References2
suse
suse
added 2025/02/25 10:38 a.m.3 views

Security update for pam_pkcs11

This update for pampkcs11 fixes the following issues: CVE-2025-24032: default value for certpolicy none allows for authentication bypass bsc1237062. CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash bsc1237058. Patch...

7.5CVSS7.6AI score0.00681EPSS
Exploits0References8
openvas
openvas
added 2025/02/25 12:0 a.m.9 views

openSUSE Security Advisory (SUSE-SU-2025:0689-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.2CVSS5.2AI score0.00681EPSS
Exploits0References5
suse
suse
added 2025/02/24 12:55 p.m.2 views

Security update for pam_pkcs11

This update for pampkcs11 fixes the following issues: CVE-2025-24032: default value for certpolicy none allows for authentication bypass bsc1237062. CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash bsc1237058. Patch...

7.5CVSS7.6AI score0.00681EPSS
Exploits0References8
osv
osv
added 2025/02/24 12:55 p.m.6 views

SUSE-SU-2025:0688-1 Security update for pam_pkcs11

This update for pampkcs11 fixes the following issues: - CVE-2025-24032: default value for certpolicy none allows for authentication bypass bsc1237062. - CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash bsc1237058...

9.2CVSS6.7AI score0.00681EPSS
Exploits0References5
debian
debian
added 2025/02/18 12:19 p.m.10 views

[SECURITY] [DLA 4058-1] pam-pkcs11 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4058-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 18, 2025 https://wiki.debian.org/LTS -...

9.2CVSS6.6AI score0.00681EPSS
Exploits0
openvas
openvas
added 2025/02/18 12:0 a.m.10 views

Debian: Security Advisory (DLA-4058-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.2CVSS7.1AI score0.00681EPSS
Exploits0References2
nessus
nessus
added 2025/02/18 12:0 a.m.10 views

Debian dla-4058 : libpam-pkcs11 - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4058 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4058-1 [email protected] https://www.debian.org/lts/security/...

9.2CVSS7.4AI score0.00681EPSS
Exploits0References4
openvas
openvas
added 2025/02/13 12:0 a.m.10 views

Debian: Security Advisory (DSA-5864-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.2CVSS7.1AI score0.00681EPSS
Exploits0References2
nessus
nessus
added 2025/02/12 12:0 a.m.8 views

Debian dsa-5864 : libpam-pkcs11 - security update

The remote Debian 12 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5864 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5864-1 [email protected] https://www.debian.org/securit...

9.2CVSS7.6AI score0.00681EPSS
Exploits0References6
circl
circl
added 2025/02/10 3:50 p.m.8 views

CVE-2025-24032

creationtimestamp| type| source ---|---|--- 2025-02-10 15:50:17+00:00| seen| https://infosec.exchange/users/cve/statuses/113980382711327196 2025-02-10 16:16:47+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lhtk6j6lx42c 2025-02-10 16:31:11+00:00| seen|...

9.2CVSS7.7AI score0.00681EPSS
Exploits0References8
cvelist
cvelist
added 2025/02/10 3:43 p.m.34 views

CVE-2025-24032 PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`)

PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if certpolicy is set to none the default value, then pampkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...

9.2CVSS0.00681EPSS
Exploits0References5
osv
osv
added 2025/02/10 3:43 p.m.11 views

CVE-2025-24032 PAM-PKCS#11 vulnerable to authentication bypass with default value for `cert_policy` (`none`)

PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if certpolicy is set to none the default value, then pampkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...

9.2CVSS7.4AI score0.00681EPSS
Exploits0References10
cve
cve
added 2025/02/10 3:43 p.m.821 views

CVE-2025-24032

PAM-PKCS#11 (Linux-PAM) vulnerability CVE-2025-24032 affects pam_pkcs11-0.6.0 and later up to 0.6.12/0.6.13 era, where the default cert_policy of none may bypass private-key signature checks. An attacker could create a token containing the user’s public data (e.g., certificate) and a known PIN an...

9.2CVSS7.7AI score0.00681EPSS
Exploits0References8
Rows per page
Query Builder