Lucene search
K

24 matches found

EUVD
EUVD
added 2026/01/16 12:0 a.m.4 views

EUVD-2025-206298

In OpenSC pampkcs11 before 0.6.13, pamsmauthenticate wrongly returns PAMIGNORE in many error situations such as an error triggered by a smartcard before login, allowing authentication bypass...

6.7CVSS6.6AI score0.00235EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-24031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pampkcs11 module segfaults when a use...

5.1CVSS4.9AI score0.00139EPSS
Exploits0References3
Redos
Redos
added 2025/07/23 12:0 a.m.6 views

ROS-20250723-01

The vulnerability of the PAM-PKCS11 authentication module of Linux operating systems is related to the fact that the value of the certpolicy defaults to "none". Exploitation of the vulnerability could allow an attacker acting remotely to bypass the authentication process. remotely to bypass the...

9.2CVSS7.8AI score0.00677EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2025/06/20 7:56 a.m.4 views

Security update for pam_pkcs11

This update for pampkcs11 fixes the following issues: CVE-2025-6018: Removes pamenv from auth stack for security reason bsc1243226. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

8.6CVSS7.4AI score0.00957EPSS
Exploits13References4
SUSE Linux
SUSE Linux
added 2025/06/20 7:56 a.m.3 views

Security update for pam_pkcs11

This update for pampkcs11 fixes the following issues: CVE-2025-6018: Removes pamenv from auth stack for security reason bsc1243226. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

8.6CVSS7.4AI score0.00957EPSS
Exploits13References4
SUSE Linux
SUSE Linux
added 2025/06/19 1:31 p.m.3 views

Security update for pam_pkcs11

This update for pampkcs11 fixes the following issues: CVE-2025-6018: Removes pamenv from auth stack for security reason bsc1243226. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

8.6CVSS7.9AI score0.00957EPSS
Exploits13References4
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.5 views

PT-2025-25774

Name of the Vulnerable Software and Affected Versions Linux PAM pam-config affected versions not specified Description A Local Privilege Escalation LPE flaw exists in pam-config within Linux Pluggable Authentication Modules PAM. This issue allows an unprivileged local attacker, such as one...

7.8CVSS7.1AI score0.00957EPSS
Exploits13References133
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.4 views

Astra Linux – Vulnerability in pam-pkcs11

In OpenSC’s pampkcs11 before version 0.6.13, the pamsmauthenticate function incorrectly returns PAMIGNORE in many error situations such as an error triggered by a smartcard before login, allowing authentication bypass...

6.7CVSS7.3AI score0.00235EPSS
Exploits0References3
Rosalinux
Rosalinux
added 2025/04/11 9:55 p.m.7 views

Advisory ROSA-SA-2025-2822

Software: pampkcs11 0.6.13 OS: ROSA Virtualization 3.0 packageevrstring: pampkcs11-0.6.13-1.rv30 CVE-ID: CVE-2025-24032 BDU-ID: None CVE-Crit: DATA LOSSES. CVE-DESC.: The PAM-PKCS11 vulnerability allows an attacker to log in to a user account using a token created by the user. CVE-STATUS: The...

9.2CVSS6.7AI score0.00677EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2025/02/26 1:23 p.m.2 views

Security update for pam_pkcs11

This update for pampkcs11 fixes the following issues: CVE-2025-24531: Fixed regression in version 0.6.12 returning PAMIGNORE in many situations with possible authentication bypass bsc1236314. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

9.3CVSS7.6AI score0.00235EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2025/02/25 10:38 a.m.2 views

Security update for pam_pkcs11

This update for pampkcs11 fixes the following issues: CVE-2025-24032: default value for certpolicy none allows for authentication bypass bsc1237062. CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash bsc1237058. Patch...

7.5CVSS7.6AI score0.00677EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2025/02/24 12:55 p.m.2 views

Security update for pam_pkcs11

This update for pampkcs11 fixes the following issues: CVE-2025-24032: default value for certpolicy none allows for authentication bypass bsc1237062. CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to crash bsc1237058. Patch...

7.5CVSS7.6AI score0.00677EPSS
Exploits0References8
Debian
Debian
added 2025/02/18 12:19 p.m.10 views

[SECURITY] [DLA 4058-1] pam-pkcs11 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4058-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort February 18, 2025 https://wiki.debian.org/LTS -...

9.2CVSS6.6AI score0.00677EPSS
Exploits0
OSV
OSV
added 2025/02/18 12:0 a.m.7 views

DLA-4058-1 pam-pkcs11 - security update

Bulletin has no description...

9.2CVSS6.3AI score0.00677EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/02/18 12:0 a.m.10 views

Debian: Security Advisory (DLA-4058-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.2CVSS7.1AI score0.00677EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/02/13 12:0 a.m.10 views

Debian: Security Advisory (DSA-5864-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.2CVSS7.1AI score0.00677EPSS
Exploits0References2
Debian
Debian
added 2025/02/12 1:34 p.m.10 views

[SECURITY] [DSA 5864-1] pam-pkcs11 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5864-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 12, 2025 https://www.debian.org/security/faq -...

9.2CVSS6.9AI score0.00677EPSS
Exploits0
OSV
OSV
added 2025/02/12 12:0 a.m.6 views

DSA-5864-1 pam-pkcs11 - security update

Bulletin has no description...

9.2CVSS7.7AI score0.00677EPSS
Exploits0
NVD
NVD
added 2025/02/10 4:15 p.m.7 views

CVE-2025-24032

PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. Prior to version 0.6.13, if certpolicy is set to none the default value, then pampkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...

9.2CVSS0.00677EPSS
Exploits0References8
NVD
NVD
added 2025/02/10 4:15 p.m.10 views

CVE-2025-24031

PAM-PKCS11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pampkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, pamgetpwd will never initialize the password...

5.1CVSS0.00139EPSS
Exploits0References3
Rows per page
Query Builder