
15 matches found

NVD
added 2026/06/18 8:16 p.m., 13 views

CVE-2026-48982

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open without the O_EXCL flag. Without O_EXCL, the create operation is not atomic: two concurrent processes racing to...

5.8 CVSS, 0.00088 EPSS
Exploits 0, References 2

CVE
added 2026/06/18 7:7 p.m., 18 views

CVE-2026-48983

CVE-2026-48983 affects pam_usb prior to version 0.9.2, where a TOCTOU race in per-device and per-user pad directory creation can be exploited via a symlink substitution. pam_usb performs a check-then-act using lstat() followed by mkdir(), allowing a local attacker to replace the target path with ...

5.8 CVSS, 5.3 AI score, 0.00084 EPSS
Exploits 0, References 2

Cvelist
added 2026/06/18 7:7 p.m., 15 views

CVE-2026-48983 pam_usb: TOCTOU race condition in pad directory creation allows symlink substitution

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pam_usb uses a check-then-act pattern: it calls lstat to test for existence and then calls mkdir separate...

5.8 CVSS, 0.00084 EPSS
Exploits 0, References 2

Cvelist
added 2026/06/18 7:1 p.m., 16 views

CVE-2026-48982 pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open without the O_EXCL flag. Without O_EXCL, the create operation is not atomic: two concurrent processes racing to...

5.8 CVSS, 0.00088 EPSS
Exploits 0, References 2

CVE
added 2026/06/18 7:1 p.m., 14 views

CVE-2026-48982

CVE-2026-48982 affects pam_usb prior to version 0.9.2, where updating a one-time pad file creates a temporary file with open() lacking O_EXCL, enabling a race between concurrent processes to update the same pad. This non-atomicity can cause the stored pad to diverge from expectations, potentially...

5.8 CVSS, 5.3 AI score, 0.00088 EPSS
Exploits 0, References 2

NVD
added 2026/06/18 6:16 p.m., 12 views

CVE-2026-48984

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree memory release helper in calls free without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read fr...

4.7 CVSS, 0.00109 EPSS
Exploits 0, References 2

CVE
added 2026/06/18 5:6 p.m., 13 views

CVE-2026-48984

pam_usb for Linux (affected: v0.9.1 and earlier) has a memory handling flaw where xfree() frees buffers without zeroing contents, potentially leaving sensitive data (including one-time pad bytes) in freed heap memory. On systems with use-after-free or heap inspection capabilities, this could perm...

4.7 CVSS, 5.6 AI score, 0.00109 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/06/18 5:6 p.m., 6 views

CVE-2026-48984

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree memory release helper in calls free without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read fr...

4.7 CVSS, 5.5 AI score, 0.00109 EPSS
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/06/18 5:6 p.m., 17 views

CVE-2026-48984 pam_usb: xfree() does not call explicit_bzero — sensitive cryptographic material may linger in freed heap

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree memory release helper in calls free without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read fr...

4.7 CVSS, 0.00109 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/06/18 12:0 a.m., 9 views

PT-2026-50783

Name of the Vulnerable Software and Affected Versions: pam usb versions prior to 0.9.2. Description: This software provides hardware authentication for Linux using removable media. A race condition exists when updating a one-time pad file because a temporary file is created using the open function...

5.8 CVSS, 5.9 AI score, 0.00088 EPSS
Exploits 0, References 8

Positive Technologies
added 2026/06/18 12:0 a.m., 33 views

PT-2026-50769

Name of the Vulnerable Software and Affected Versions: pam usb versions 0.9.1 and earlier. Description: The xfree memory release helper calls free without zeroing buffer contents first. This results in heap-allocated buffers containing sensitive data, such as one-time pad bytes read from disk, being...

4.7 CVSS, 6 AI score, 0.00109 EPSS
Exploits 0, References 7

CVE
added 2026/05/27 8:6 p.m., 17 views

CVE-2026-47272

pam_usb for Linux allows local authentication bypass before version 0.9.0 due to pusb_pad_compare() only checking the user-side pad (~/.pamusb/device.pad) and not requiring the system-side pad on the USB device to be present. A local user can delete or obscure their own device.pad to bypass the U...

7.1 CVSS, 5.9 AI score, 0.00119 EPSS
Exploits 0, References 1

Packet Storm News
added 2026/03/17 12:0 a.m., 7 views

Synchronized DNA Sources for Unconditionally Secure Cryptography

Secure communication is the cornerstone of modern infrastructures, yet achieving unconditional security (resistant to any computational attack) remains a fundamental challenge. The One-Time Pad (OTP), proven by Shannon to offer perfect secrecy, requires a shared random key as long as the message,...

5.7 AI score
Exploits 0

Packet Storm News
added 2025/12/25 12:0 a.m., 5 views

Securing Cross-Domain Internet of Drones: An RFF-PUF Allied Authenticated Key Exchange Protocol with Over-The-Air Enrollment

The Internet of Drones (IoD) is an emerging and crucial paradigm enabling advanced applications that require seamless, secure communication across heterogeneous and untrusted domains. In such environments, access control and the transmission of sensitive data pose significant security challenges fo...

6.9 AI score
Exploits 0

Packet Storm News
added 2025/06/10 12:0 a.m., 7 views

Secure Data Access in Cloud Environments Using Quantum Cryptography

Cloud computing has made storing and accessing data easier but keeping it secure is a big challenge nowadays. Traditional methods of ensuring data may not be strong enough in the future when powerful quantum computers become available. To solve this problem, this study uses quantum cryptography t...

6.6 AI score
Exploits 0