#cwe-390

共收录 2 条相关安全情报。

CVE-2026-48792

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event* nodes, causing pusb_has_virtual_input_device() to return 0 (no virtual devices found) even when every open() call failed due to insufficient permissions. The caller in src/local.c cannot distinguish a clean absence of virtual d

💡 影响/原因: 原文内容（由于配额限制，未进行深度 LLM 分析）

🎯 建议动作: 建议根据原文自行评估

排序因子: Primary 数据源 (+3) | LLM 评分加成 (+0.4)

CVE-2026-44310

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereferences certs[0] after sd.GetCertificates() without checking the slice length. A CMS/PKCS7 signed message with an empty certificate set is a structurally valid DER payload; GetCertificates() returns an empty

💡 影响/原因: 原文内容（由于配额限制，未进行深度 LLM 分析）

🎯 建议动作: 建议根据原文自行评估

排序因子: Primary 数据源 (+3) | LLM 评分加成 (+0.4)

Cyber Security Daily Radar

#cwe-390

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event* node...

Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go uncon...