Lucene search
+L

176 matches found

Rosalinux
Rosalinux
added 2024/07/23 11:31 a.m.26 views

Advisory ROSA-SA-2024-2456

Software: selinux-policy 3.14.3 OS: ROSA Virtualization 2.1 packageevrstring: selinux-policy-3.14.3 CVE-ID: CVE-2020-24612 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A problem was detected in the selinux-policy package because the .config/Yubico directory is not handled correctly. Consequently, whe...

6.7CVSS7.3AI score0.00317EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.3 views

SUSE CVE-2019-12209

Yubico pam-u2f 1.0.7 attempts parsing of the configured authfile default $HOME/.config/Yubico/u2fkeys as root unless openasuser was enabled, and does not properly verify that the path lacks symlinks pointing to other files on the system owned by root. If the debug option is enabled in the PAM...

4.6CVSS7AI score0.02885EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.5 views

SUSE CVE-2019-12210

In Yubico pam-u2f 1.0.7, when configured with debug and a custom debug log file is set using debugfile, that file descriptor is not closed when a new process is spawned. This leads to the file descriptor being inherited into the child process; the child process can then read from and write to it...

6.8CVSS6.6AI score0.0187EPSS
Exploits1References9
SUSE CVE
SUSE CVE
added 2023/02/15 3:41 a.m.5 views

SUSE CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

7.3CVSS6.7AI score0.00333EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/09/23 12:0 a.m.33 views

EulerOS Virtualization 2.9.1 : selinux-policy (EulerOS-SA-2022-2366)

According to the versions of the selinux-policy packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the selinux-policy aka Reference Policy package 3.14 through 2020-08-24 because the...

6.7CVSS5.2AI score0.00317EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/09/23 12:0 a.m.29 views

EulerOS Virtualization 2.9.0 : selinux-policy (EulerOS-SA-2022-2402)

According to the versions of the selinux-policy packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the selinux-policy aka Reference Policy package 3.14 through 2020-08-24 because the...

6.7CVSS5.2AI score0.00317EPSS
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2022/08/10 12:0 a.m.33 views

Yubico pam-u2f: Local PIN Bypass vulnerability

Background Yubico pam-u2f is a PAM module for FIDO2 and U2F keys. Description A logic issue in Yubico pam-u2f could result in the bypass of a PIN entry requirement when authenticating with FIDO2. Impact An attacker with local access to certain applications using pam-u2f for authentication could...

6.8CVSS3.2AI score0.00333EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/08/10 12:0 a.m.35 views

GLSA-202208-11 : Yubico pam-u2f: Local PIN Bypass vulnerability

The remote host is affected by the vulnerability described in GLSA-202208-11 Yubico pam-u2f: Local PIN Bypass vulnerability - Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not...

6.8CVSS6.9AI score0.00333EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/07/29 12:0 a.m.37 views

EulerOS 2.0 SP10 : selinux-policy (EulerOS-SA-2022-2171)

According to the versions of the selinux-policy packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the selinux-policy aka Reference Policy package 3.14 through 2020-08-24 because the .config/Yubico directory ...

6.7CVSS5.2AI score0.00317EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/07/08 12:0 a.m.21 views

EulerOS 2.0 SP9 : selinux-policy (EulerOS-SA-2022-1982)

According to the versions of the selinux-policy packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the selinux-policy aka Reference Policy package 3.14 through 2020-08-24 because the .config/Yubico directory ...

6.7CVSS5.2AI score0.00317EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/07/08 12:0 a.m.21 views

EulerOS 2.0 SP9 : selinux-policy (EulerOS-SA-2022-2012)

According to the versions of the selinux-policy packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in the selinux-policy aka Reference Policy package 3.14 through 2020-08-24 because the .config/Yubico directory ...

6.7CVSS5.2AI score0.00317EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/07/08 12:0 a.m.15 views

Huawei EulerOS: Security Advisory for selinux-policy (EulerOS-SA-2022-2012)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.7CVSS4.8AI score0.00317EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/12/15 12:0 a.m.11 views

Fedora: Security Advisory for pam-u2f (FEDORA-2021-724f4733e9)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8CVSS6.8AI score0.00333EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2021/12/15 12:0 a.m.15 views

Fedora: Security Advisory for pam-u2f (FEDORA-2021-a52d48b1c2)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.8CVSS6.8AI score0.00333EPSS
Exploits0References2
Fedora
Fedora
added 2021/12/14 12:56 a.m.41 views

[SECURITY] Fedora 34 Update: pam-u2f-1.2.0-2.fc34

The PAM U2F module provides an easy way to integrate the Yubikey or other U2F-compliant authenticators into your existing user authentication infrastructure...

4.8AI score0.00333EPSS
Exploits0
Fedora
Fedora
added 2021/12/13 5:12 p.m.50 views

[SECURITY] Fedora 35 Update: pam-u2f-1.2.0-2.fc35

The PAM U2F module provides an easy way to integrate the Yubikey or other U2F-compliant authenticators into your existing user authentication infrastructure...

4.8AI score0.00333EPSS
Exploits0
Veracode
Veracode
added 2021/08/17 9:30 a.m.22 views

Verification Bypass

Yubico is vulnerable to verification bypass. It has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would sti...

6.8CVSS2.6AI score0.00333EPSS
Exploits0References8Affected Software1
ArchLinux
ArchLinux
added 2021/06/01 12:0 a.m.174 views

[ASA-202106-16] pam-u2f: authentication bypass

Arch Linux Security Advisory ASA-202106-16 ========================================== Severity: Medium Date : 2021-06-01 CVE-ID : CVE-2021-31924 Package : pam-u2f Type : authentication bypass Remote : No Link : https://security.archlinux.org/AVG-2001 Summary ======= The package pam-u2f before...

6.8CVSS0.1AI score0.00333EPSS
Exploits0References7
CNVD
CNVD
added 2021/05/31 12:0 a.m.8 views

Unspecified Vulnerability in Nitrokey FIDO U2F

Nitrokey FIDO2 is an open source security key that supports FIDO2 and U2F standards for strong two-factor authentication and passwordless login. A security vulnerability exists in Nitrokey FIDO U2F firmware version 1.1 and prior versions, which stems from the fact that communications between the...

9.8CVSS7AI score0.01853EPSS
Exploits1References1
NVD
NVD
added 2021/05/26 12:15 a.m.9 views

CVE-2021-31924

Yubico pam-u2f before 1.1.1 has a logic issue that, depending on the pam-u2f configuration and the application used, could lead to a local PIN bypass. This issue does not allow user presence touch or cryptographic signature verification to be bypassed, so an attacker would still need to physicall...

6.8CVSS0.00333EPSS
Exploits0References5
Rows per page
Query Builder