Lucene search
K

4 matches found

CVE
CVE
added 2026/06/18 7:7 p.m.18 views

CVE-2026-48983

CVE-2026-48983 affects pam_usb prior to version 0.9.2, where a TOCTOU race in per-device and per-user pad directory creation can be exploited via a symlink substitution. pam_usb performs a check-then-act using lstat() followed by mkdir(), allowing a local attacker to replace the target path with ...

5.8CVSS5.3AI score0.00084EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.14 views

PT-2026-50784

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description A symlink race condition exists in the creation of per-device and per-user pad directories. The software employs a check-then-act pattern, where it calls lstat to verify existence and subsequently...

5.8CVSS5.9AI score0.00084EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-47272

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusbpadcompare function in src/pad.c only verified that the user-side pad /.pamusb/device.pad could be read, but did not enforce that the system-side pad the pad file on the USB device was also...

7.1CVSS5.5AI score0.00119EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-44085

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusb pad compare function in src/pad.c only verified that the user-side pad /.pamusb/device.pad could be read, but did not enforce that the system-side pad the pad file on the USB device was als...

7.1CVSS5.9AI score0.00119EPSS
Exploits0References2
Rows per page
Query Builder