Mcdope Pam_usb
15 CVEs affecting Mcdope Pam_usb. Latest disclosed: 2026-05-27. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44713 | High | 8.8 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, spli… |
CVE-2026-44712 | High | 8.2 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes r… |
CVE-2026-48064 | High | 8.1 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, when a PAM service is configured with deny_remote=false in p… |
CVE-2026-44711 | High | 7.9 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authen… |
CVE-2026-44709 | High | 7.8 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment… |
CVE-2026-47269 | High | 7.4 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb's deny_remote feature checks utmpx ut_addr_v6 to de… |
CVE-2026-47272 | High | 7.1 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusb_pad_compare() function in src/pad.c only verified t… |
CVE-2026-48065 | Medium | 6.7 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n_devices… |
CVE-2026-47273 | Medium | 6.5 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb builds XPath expressions from user-supplied identifi… |
CVE-2026-47270 | Medium | 6.3 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo… |
CVE-2026-47274 | Medium | 6.3 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries thr… |
CVE-2026-48066 | Medium | 5.7 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is wri… |
CVE-2026-47271 | Medium | 5.1 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc(), xr… |
CVE-2026-44710 | Medium | 4.6 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_se… |
CVE-2026-48792 | Medium | 4.4 | 2026-05-27 | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev… |