Authentication bypass in pam_usb prior to 0.9.1 allows a local low-privileged user to circumvent hardware token requirements by exploiting silent EACCES error suppression in the virtual input device scanner. When the PAM module's evdev.c component fails to open /dev/input/event* nodes due to permission errors, it returns a false negative indicating no virtual devices are present, and the caller in local.c proceeds with authentication as if the hardware check passed cleanly. No public exploit has been identified at time of analysis, and this vulnerability is not listed in the CISA KEV catalog.
Improper handling of an error condition during host-induced faults can allow a local high-privileged attacker to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity.
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. EPSS exploitation probability 60.0%.
`gh` is GitHub’s official command line tool. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable. No vendor patch available.
A flaw was found in rsync. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.