MiracleLinux 8 : opensc-0.20.0-7.el8_9 (AXSA:2024-7353:02)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7353:02 advisory. OpenSC: Potential PIN bypass when card tracks its own login state CVE-2023-40660 OpenSC: multiple memory issues with pkcs15-init enrollment tool...
Azure Linux 3.0 Security Update: opensc (CVE-2023-40661)
The version of opensc installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-40661 advisory. - Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollme...
CBL Mariner 2.0 Security Update: opensc (CVE-2023-40661)
The version of opensc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-40661 advisory. - Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollme...
CVE-2023-40661 affecting package opensc for versions less than 0.23.0-5
CVE-2023-40661 affecting package opensc for versions less than 0.23.0-5. A patched version of the package is available...
USN-7346-2 opensc regression
USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a regression in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. The security fix has been removed pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that OpenSC...
Linux Distros Unpatched Vulnerability : CVE-2023-40661
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or...
Advisory ROSA-SA-2025-2580
software: opensc 0.23.0; OS: ROSA-CHROME; packageevrstring: opensc-0.23.0-2; CVE-ID: CVE-2023-40660; BDU-ID: 2024-02589; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the OpenSC smart card software toolkit and libraries is related to the fact that token/card authentication by one process can perform...
CVE-2023-40661 affecting package opensc for versions less than 0.25.1-3
CVE-2023-40661 affecting package opensc for versions less than 0.25.1-3. An upgraded version of the package is available that resolves this issue...
RHEL 7 : opensc (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - opensc: Double free in coolkey_free_private_data in libopensc/card-coolkey.c CVE-2019-20792 - opensc: buffer...
CentOS 8 : opensc (CESA-2023:7876)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2023:7876 advisory. - A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographi...
AlmaLinux 9 : opensc (ALSA-2023:7879)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:7879 advisory. - A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic...
Fedora 39 : opensc (2023-a854153d7a)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a854153d7a advisory. New upstream release 2240701 with security fixes for CVE-2023-40660, CVE-2023-4535, CVE-2023-40661 Tenable has extracted the preceding description...
AlmaLinux 8 : opensc (ALSA-2023:7876)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:7876 advisory. - A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic...
Moderate: Red Hat Security Advisory: opensc security update
An update for opensc is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: Red Hat Security Advisory: opensc security update
An update for opensc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Moderate: opensc security update
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Potential PIN bypass when card tracks it...
Moderate: opensc security update
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Potential PIN bypass when card tracks it...
ALSA-2023:7879 Moderate: opensc security update
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Potential PIN bypass when card tracks it...
opensc security update
0.23.0-3 - Fix file caching with different offsets RHEL-4079 - Fix CVE-2023-40660: Potential PIN bypass - Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init - Fix CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys - Fix CVE-2023-5992: Side-channel...
RHEL 9 : opensc (RHSA-2023:7879)
The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7879 advisory. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic...