Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

mcdope — Vulnerabilities & Security Advisories 22

Browse all 22 CVE security advisories affecting mcdope. AI-powered Chinese analysis, POCs, and references for each vulnerability.

This page provides a comprehensive aggregation of security vulnerabilities associated with the vendor mcdope, specifically focusing on Common Weakness Enumeration classifications and related security tags. The content herein compiles data from various public sources to offer a unified view of the security posture regarding mcdope products and services. This collection covers a broad spectrum of vulnerability types, including but not limited to remote code execution, cross-site scripting, and privilege escalation flaws, spanning from early historical disclosures to the most recent advisories released by the vendor or third-party researchers. The time range extends back several years to capture legacy issues that may still impact older deployments, while also tracking active, unresolved threats in contemporary versions. By centralizing this information, the page aims to reduce the friction typically involved in manual research and verification processes. Visitors can use this resource to track the vendor’s advisory timeline, observing how quickly critical issues are acknowledged and patched over time. Users may also study specific weakness classes to understand recurring patterns in mcdope’s codebase or architecture. Additionally, the page serves as a lookup tool for retrieving the complete vulnerability history of specific mcdope products, allowing security professionals to assess risk exposure based on version numbers and release dates without navigating fragmented external sites.

Top products by mcdope: pam_usb
CVE IDTitleCVSSSeverityPublished
CVE-2026-48980 pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic — pam_usbCWE-454 6.3 Medium2026-06-18
CVE-2026-48983 pam_usb: TOCTOU race condition in pad directory creation allows symlink substitution — pam_usbCWE-367 5.8 Medium2026-06-18
CVE-2026-48982 pam_usb: Missing O_EXCL on pad temp file creation allows concurrent update race — pam_usbCWE-362 5.8 Medium2026-06-18
CVE-2026-48981 pam_usb: xmlReadFile flags=0 permits XXE network entity fetching in conf.c — pam_usbCWE-611 6.7 Medium2026-06-18
CVE-2026-48985 pam_usb: NULL Dereference Crash in pusb_is_loginctl_local when loginctl Returns Empty Remote Field — pam_usbCWE-476 5.5 Medium2026-06-18
CVE-2026-48986 pam_usb: Infinite loop DoS in process-tree walk when parent process exits during authentication — pam_usbCWE-835 4.7 Medium2026-06-18
CVE-2026-48984 pam_usb: xfree() does not call explicit_bzero — sensitive cryptographic material may linger in freed heap — pam_usbCWE-14 4.7 Medium2026-06-18
CVE-2026-44712 pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent — pam_usbCWE-78 8.2 High2026-05-27
CVE-2026-44709 pam_usb: PINENTRY_FALLBACK_APP environment variable allows arbitrary command execution — pam_usbCWE-78 7.8 High2026-05-27
CVE-2026-44710 pam_usb: NULL pointer dereference from UDisks device fields causes PAM crash and login denial-of-service — pam_usbCWE-476 4.6 Medium2026-05-27
CVE-2026-44711 pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption — pam_usbCWE-59 7.9 High2026-05-27
CVE-2026-44713 pam_usb: Command injection via $TMUX environment variable leads to RCE as root — pam_usbCWE-78 8.8 High2026-05-27
CVE-2026-47269 pam_usb: deny_remote feature incorrectly classifies IPv4-mapped IPv6 remote connections as local — pam_usbCWE-284 7.4 High2026-05-27
CVE-2026-47270 pam_usb: strtok() race condition in multi-threaded PAM hosts can corrupt deny_remote result — pam_usbCWE-362 6.3 Medium2026-05-27
CVE-2026-47271 pam_usb: OOM guards removed by -DNDEBUG cause NULL dereference and authentication process crash — pam_usbCWE-476 5.1 Medium2026-05-27
CVE-2026-47272 pam_usb: OTP pad authentication bypass via missing system pad check and uninitialized RNG buffer — pam_usbCWE-287 7.1 High2026-05-27
CVE-2026-47273 pam_usb: XPath injection via PAM-supplied identifiers in pam_usb configuration queries — pam_usbCWE-91 6.5 Medium2026-05-27
CVE-2026-47274 pam_usb: Uncontrolled search path in pam_usb tools allows privilege escalation via PATH manipulation — pam_usbCWE-427 6.3 Medium2026-05-27
CVE-2026-48064 pam_usb: PAM_RHOST check skipped when deny_remote=false allows XDMCP authentication bypass — pam_usbCWE-863 8.1 High2026-05-27
CVE-2026-48065 pam_usb: Unchecked integer multiplication before xmalloc() in conf.c allows heap-based buffer overflow on 32-bit targets — pam_usbCWE-122 6.7 Medium2026-05-27
CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication — pam_usbCWE-362 5.7 Medium2026-05-27
CVE-2026-48792 pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution — pam_usbCWE-390 4.4 Medium2026-05-27

This page lists every published CVE security advisory associated with mcdope. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.