10 matches found
EUVD-2026-9000
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...
CVE-2026-28372
telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login1 implementation of util-linux in release 2.40. This is related to client control over the CREDENTIALSDIRECTORY environment variable, and require...
PT-2026-22300
Name of the Vulnerable Software and Affected Versions GNU inetutils versions through 2.7 Description A privilege escalation issue exists in telnetd within GNU inetutils. The issue stems from improper handling of the CREDENTIALS DIRECTORY environment variable, introduced with systemd service...
EUVD-2025-4192
Malicious code in bioql PyPI...
Slackware: Security Advisory (SSA:2025-260-03)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-26409
A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed in...
PT-2025-6173 · Wattsense · Wattsense Bridge
Name of the Vulnerable Software and Affected Versions: Wattsense Bridge devices versions prior to BSP 6.4.1 Description: A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well...
DEBIAN-CVE-2025-24032
PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if certpolicy is set to none the default value, then pampkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...
DEBIAN-CVE-2006-7108
login in util-linux-2.12a skips pamacctmgmt and chauthtok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pamacctmgmt and chauthtok...
GLSA-200404-06 : Util-linux login may leak sensitive data
The remote host is affected by the vulnerability described in GLSA-200404-06 Util-linux login may leak sensitive data In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems...