13 matches found
Astra Linux - уязвимость в opensc
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process when using the pkcs15-init function. To exploit these vulnerabilities, an attacker must have physical access to the computer system and use a custom-constructed USB device or sma...
Astra Linux - уязвимость в opensc
A heap-based buffer overflow vulnerability was discovered in the libopensc OpenPGP driver. A specially crafted USB device or smart card, containing malicious responses to APDUs during the card enrollment process using the pkcs15-init tool, may lead to unauthorized access, potentially resulting in...
17gz International Student service system 安全漏洞
17gz International Student service system is an online system for the enrollment service process from 17gz Inc. A security vulnerability exists in 17gz International Student service system version 1.0, which originates from a cross-site scripting vulnerability in the enrollment step that could le...
AZL-49059 CVE-2024-8443 affecting package opensc for versions less than 0.26.1-1
A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the pkcs15-init tool may lead to out-of-bound rights, possibly resulting in arbitrary code...
CVE-2024-7401
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a...
PT-2024-38324
Name of the Vulnerable Software and Affected Versions Netskope Client affected versions not specified Description A security issue exists in the Netskope Client enrollment process. The NSClient utilizes a static token, Orgkey, as an authentication parameter. Because this token is static, it canno...
PT-2024-9391 · Opensc +5 · Opensc +5
Name of the Vulnerable Software and Affected Versions: OpenSC affected versions not specified Description: A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. This issue arises when a crafted USB device or smart card provides malicious responses to the APDUs duri...
AVSystem Unified Management Platform Security Vulnerability
AVSystem Unified Management Platform is a comprehensive management platform from AVSystem designed to help enterprises, service providers and carriers manage and monitor their network devices, Internet of Things IoT devices and services. A security vulnerability exists in AVSystem Unified...
OpenSC: multiple memory issues with pkcs15-init (enrollment tool)
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...
SUSE-SU-2023:4104-1 Security update for opensc
This update for opensc fixes the following issues: - CVE-2023-40660: Fixed a PIN bypass that could be triggered when cards tracked their own login state bsc1215762. - CVE-2023-40661: Fixed several memory safety issues that could happen during the card enrollment process using pkcs15-init bsc12157...
CVE-2022-34831
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...
How to Enroll Windows 10 Desktops/Laptops to XenMobile
This article will help you to enroll Windows 10 Desktops/Laptops to XenMobile...
CVE-2002-0673
CVE-2002-0673 concerns Pingtel xpressa SIP phones (PX-1, software 1.2.5–1.2.7.4). The vulnerability enables attackers with physical access to log out the current user via the enrollment process and re-register the phone using MyPingtel Sign-In, gaining remote access and allowing unauthorized acti...