Lucene search
K

47 matches found

CVE
CVE
added yesterday7 views

CVE-2026-48980

pamusb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv environment variables XRDPSESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or...

6.3CVSS5.3AI score0.00018EPSS
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-48983

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, a symlink race condition exists in per-device and per-user pad directory creation. pamusb uses a check-then-act pattern: it calls lstat to test for existence and then calls mkdir separate...

5.8CVSS5.3AI score0.00016EPSS
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-48982

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open without the OEXCL flag. Without OEXCL, the create operation is not atomic: two concurrent processes racing to...

5.8CVSS5.3AI score0.00015EPSS
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-48981

pamusb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, pamusb calls xmlReadFile with flags=0 when loading the configuration file, allowing libxml2 to process external entity references XXE, potentially making outbound network connections or...

6.7CVSS5.4AI score0.00015EPSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-48984

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree memory release helper in calls free without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read fr...

4.7CVSS0.00016EPSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-48985

pam_usb (Linux hardware authentication) contains a NULL dereference in pusb_is_loginctl_local() when parsing loginctl output in versions ≤ 0.9.1. If the Remote field is just a newline, strtok_r(...) returns NULL and a subsequent strcmp(is_remote, "no") dereferences NULL, causing undefined behavio...

5.5CVSS5.4AI score0.00014EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.7 views

CVE-2026-47273

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb builds XPath expressions from user-supplied identifiers PAM username, service name and device-supplied identifiers USB device serial, model, vendor to query /etc/pamusb.conf. These identifiers...

6.5CVSS5.6AI score0.00273EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.6 views

CVE-2026-48065

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to ndevices, a count derived from libxml2 XPath evaluation of the config file, without first enforcing an upper bound. On 32-bit targets armv7l, i686 --...

6.7CVSS5.5AI score0.00149EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.6 views

CVE-2026-48066

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS5.5AI score0.00116EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.7 views

CVE-2026-48792

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event nodes, causing pusbhasvirtualinputdevice to return 0 no virtual devices found even when every open call failed due to...

4.4CVSS5.5AI score0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.8 views

CVE-2026-44710

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisksdrivegetserial, udisksdrivegetvendor, and udisksdrivegetmodel directly to strcmp without NULL checks. The GIO/UDisks API documentation states these...

4.6CVSS5.5AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 10:1 p.m.10 views

CVE-2026-44709

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRYFALLBACKAPP environment variable and executes it directly without any validation. Any process that can set environment variables before pamusb-pinentry is invoked ca...

7.8CVSS6AI score0.00151EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 9:16 p.m.12 views

CVE-2026-44713

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the socket-path component directly into a shell command passed to popen. Because the value is placed insi...

8.8CVSS0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 9:16 p.m.9 views

CVE-2026-44711

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS0.00166EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 9:16 p.m.8 views

CVE-2026-44709

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRYFALLBACKAPP environment variable and executes it directly without any validation. Any process that can set environment variables before pamusb-pinentry is invoked ca...

7.8CVSS0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 8:24 p.m.8 views

EUVD-2026-32662

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $id/tmp/rce in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID some controllers allow this can inject the payload a...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:24 p.m.8 views

CVE-2026-44712

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $id/tmp/rce in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID some controllers allow this can inject the payload a...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/27 8:24 p.m.16 views

CVE-2026-44712

pam_usb on Linux is vulnerable prior to 0.8.7 due to two issues: (1) a crafted filesystem UUID or config UUID can trigger root RCE when pamusb-conf --reset-pads is run, and (2) userName from the XML config is passed to os.system(), invoking a shell via pamusb-agent. Some USB controllers may permi...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:20 p.m.7 views

CVE-2026-44709 pam_usb: PINENTRY_FALLBACK_APP environment variable allows arbitrary command execution

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRYFALLBACKAPP environment variable and executes it directly without any validation. Any process that can set environment variables before pamusb-pinentry is invoked ca...

7.8CVSS6AI score0.00151EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:20 p.m.11 views

CVE-2026-44709

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRYFALLBACKAPP environment variable and executes it directly without any validation. Any process that can set environment variables before pamusb-pinentry is invoked ca...

7.8CVSS6AI score0.00151EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder