Monthly
Environment variable injection in pam_usb prior to version 0.9.2 allows a local authenticated user to bypass hardware USB token authentication by manipulating the XRDP_SESSION, DISPLAY, or TMUX environment variables before invoking setuid binaries such as sudo or su. Because the PAM module calls standard getenv() - which does not sanitize values in privileged contexts - attacker-controlled environment data is used to determine whether the current session is local or remote, potentially defeating the core purpose of hardware-enforced authentication. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the authentication bypass impact makes this a high-priority upgrade for any deployment relying on pam_usb for privileged command gating.
External initialization in Kirby CMS (getkirby/cms <= 4.9.3 and 5.0.0-alpha.1 through 5.4.3) lets a remote unauthenticated attacker complete the Panel installation and create the first admin user on not-yet-installed sites. The flaw is a bypass of Kirby's isLocal safeguard: when a site sits behind a reverse proxy that emits the Forwarded: for=..., X-Client-IP, or X-Real-IP header, Kirby wrongly treats the forwarded external request as local and permits admin creation. No public exploit is identified at time of analysis and it is not in CISA KEV, but the vendor rates it critical (CVSS 4.0 base 9.1) and a full source fix is public.
Local privilege escalation in Azure Entra ID SSH Login Extension for Linux stems from improper initialization of trusted variables, enabling unauthenticated attackers on affected systems to gain elevated privileges. This high-severity vulnerability (CVSS 8.1) requires local access but can compromise system confidentiality, integrity, and availability across trust boundaries. No patch is currently available.
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.
Environment variable injection in pam_usb prior to version 0.9.2 allows a local authenticated user to bypass hardware USB token authentication by manipulating the XRDP_SESSION, DISPLAY, or TMUX environment variables before invoking setuid binaries such as sudo or su. Because the PAM module calls standard getenv() - which does not sanitize values in privileged contexts - attacker-controlled environment data is used to determine whether the current session is local or remote, potentially defeating the core purpose of hardware-enforced authentication. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the authentication bypass impact makes this a high-priority upgrade for any deployment relying on pam_usb for privileged command gating.
External initialization in Kirby CMS (getkirby/cms <= 4.9.3 and 5.0.0-alpha.1 through 5.4.3) lets a remote unauthenticated attacker complete the Panel installation and create the first admin user on not-yet-installed sites. The flaw is a bypass of Kirby's isLocal safeguard: when a site sits behind a reverse proxy that emits the Forwarded: for=..., X-Client-IP, or X-Real-IP header, Kirby wrongly treats the forwarded external request as local and permits admin creation. No public exploit is identified at time of analysis and it is not in CISA KEV, but the vendor rates it critical (CVSS 4.0 base 9.1) and a full source fix is public.
Local privilege escalation in Azure Entra ID SSH Login Extension for Linux stems from improper initialization of trusted variables, enabling unauthenticated attackers on affected systems to gain elevated privileges. This high-severity vulnerability (CVSS 8.1) requires local access but can compromise system confidentiality, integrity, and availability across trust boundaries. No patch is currently available.
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.