mcdope

Top products

The 15 most recently published vulnerabilities affecting mcdope.

• CVE-2026-48980pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic6.3Jun 18, 2026
• CVE-2026-48983pam_usb: TOCTOU race condition in pad directory creation allows symlink substitution5.8Jun 18, 2026
• CVE-2026-48982pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race5.8Jun 18, 2026
• CVE-2026-48981pam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.c6.7Jun 18, 2026
• CVE-2026-48985pam_usb: NULL Dereference Crash in pusb_is_loginctl_local when loginctl Returns Empty Remote Field5.5Jun 18, 2026
• CVE-2026-48986pam_usb: Infinite loop DoS in process-tree walk when parent process exits during authentication4.7Jun 18, 2026
• CVE-2026-48984pam_usb: xfree() does not call explicit_bzero — sensitive cryptographic material may linger in freed heap4.7Jun 18, 2026
• CVE-2026-44712pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent8.2May 27, 2026
• CVE-2026-44709pam_usb: PINENTRY_FALLBACK_APP environment variable allows arbitrary command execution7.8May 27, 2026
• CVE-2026-44710pam_usb: NULL pointer dereference from UDisks device fields causes PAM crash and login denial-of-service4.6May 27, 2026
• CVE-2026-44711pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption7.9May 27, 2026
• CVE-2026-44713pam_usb: Command injection via $TMUX environment variable leads to RCE as root8.8May 27, 2026
• CVE-2026-47269pam_usb: deny_remote feature incorrectly classifies IPv4-mapped IPv6 remote connections as local7.4May 27, 2026
• CVE-2026-47270pam_usb: strtok() race condition in multi-threaded PAM hosts can corrupt deny_remote result6.3May 27, 2026
• CVE-2026-47271pam_usb: OOM guards removed by -DNDEBUG cause NULL dereference and authentication process crash5.1May 27, 2026