48 matches found
CVE-2026-48980
The PAM module pam_usb is affected by a local-access vulnerability in earlier releases (pre-0.9.2) where getenv() in a PAM context returns attacker-controlled values for XRDP_SESSION, DISPLAY, and TMUX when the environment is manipulated by a local user. These values influence local-vs-remote ses...
CVE-2026-48980 pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic
pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv environment variables XRDP_SESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or...
CVE-2026-47270
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display managers such as GDM run multiple concurrent authentication threads. Three functions used by the deny_remote...
EUVD-2026-32655
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display managers such as GDM run multiple concurrent authentication threads. Three functions used by the deny_remote...
CVE-2026-47270 pam_usb: strtok() race condition in multi-threaded PAM hosts can corrupt deny_remote result
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display managers such as GDM run multiple concurrent authentication threads. Three functions used by the deny_remote...
CLSA-2026-1777378650 Fix CVE(s): CVE-2023-26604
SECURITY UPDATE: systemctl may pass arbitrary shell commands from a pager like more(1) that does not honor LESSSECURE, allowing privilege escalation under sudo. - debian/patches/CVE-2023-26604.patch: set LESSSECURE=1 when invoking a pager, rename to SYSTEMD_PAGERSECURE, gate insecure pagers behind...
CVE-2025-8956
A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-8956
D-Link DIR-818L firmware up to 1.05B01 is affected by a vulnerability in the getenv function of /htdocs/cgibin (ssdpcgi), enabling remote command injection. The issue allows an attacker to remotely exploit the vulnerability; the public exploit has been disclosed. Remediation: upgrade to a version...
CVE-2025-8956 D-Link DIR‑818L ssdpcgi cgibin getenv command injection
A vulnerability was found in D-Link DIR‑818L up to 1.05B01. This issue affects the function getenv of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...
PT-2025-33148 · D Link · D-Link Dir-818Lw
Name of the Vulnerable Software and Affected Versions: D-Link DIR-818L versions up to 1.05B01 Description: A vulnerability exists in D-Link DIR-818L that allows for remote command injection. The issue is located within the getenv function of the /htdocs/cgibin file, specifically in the ssdpcgi...
CVE-2024-7440
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Vivotek CC8160 VVTK-0100d. It has been classified as critical. This affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to initiate the attack remotel...
The vulnerability of the httpGetEnv() function (/userRpm/WanSlaacCfgRpm.htm) in the TP-Link TL-WR841ND router’s software allows a hacker to cause a service failure.
The vulnerability of the httpGetEnv() function (/userRpm/WanSlaacCfgRpm.htm) in the TP-Link TL-WR841ND router’s software is related to buffer overflows caused by improper cleaning or release of resources when processing the dnsserver1 and dnsserver2 parameters. Exploiting this vulnerability allows an...
CVE-2024-7443 Vivotek IB8367A upload_file.cgi getenv command injection
UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in Vivotek IB8367A VVTK-0100b. Affected is the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. It is possible to launch the attack remotely. The...
CVE-2024-7442
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. The attack may be initiated remotely. The...
CVE-2024-7442 Vivotek SD9364 upload_file.cgi getenv command injection
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Vivotek SD9364 VVTK-0103f. It has been rated as critical. This issue affects the function getenv of the file upload_file.cgi. The manipulation of the argument QUERY_STRING leads to command injection. The attack may be initiated remotely. The...