118 matches found
Astra Linux – Vulnerability in opensc
A stack overflow vulnerability exists in the OpenSC smart card middleware before version 0.23, due to improper responses to APDUs...
CLSA-2026-1778493745 opensc: Fix of 5 CVEs
CVE-2024-45615: initialize uninitialized variables passed as arguments - CVE-2024-45616: fix insufficient control of APDU response buffer length - CVE-2024-45617: check return values to avoid uninitialized variable use - CVE-2024-45618: check return values in pkcs15-init to avoid uninitialized...
CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Overview: Affected versions of this package are vulnerable to Reliance on Undefined, Unspecified, or Implementation-Defined Behavior via the decode_signed32 function in src/bacnet/bacint.c that reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four...
BACnet Stack Security Vulnerability
BACnet Stack is an open-source protocol stack for BACnet that is suitable for embedded systems, Linux, MacOS, BSD, and Windows. Versions prior to BACnet Stack 1.4.3 contained a security vulnerability. This vulnerability arises from the decode_signed32 function in src/bacnet/bacint.c, which uses...
SUSE CVE-2025-49010
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...
CVE-2025-66215 OpenSC: Stack-buffer-overflow WRITE in card-oberthur
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that...
CVE-2025-66215
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that...
CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...
CVE-2025-49010
OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...
CVE-2025-49010
OpenSC before version 0.27.0 is vulnerable to a stack-buffer-overflow write in GET RESPONSE when a crafted USB device or smart card presents specially crafted APDU responses. The attack requires physical access and user/administrator interaction with the token. A fix exists in OpenSC 0.27.0 and l...
Out-of-bounds Read
Overview: Affected versions of bacnet-stack are vulnerable to Out-of-bounds Read via the wp_decode_service_request function. An attacker can cause an out-of-bounds read and crash the application by sending a malformed WriteProperty request with a truncated APDU, which triggers...
CVE-2026-26264
The vulnerability CVE-2026-26264 affects the BACnet Stack C library (embedded systems). In wp_decode_service_request, decoding the optional priority context tag can cause apdu_len - apdu_size underflow if apdu_size > apdu_len for a malformed WriteProperty, leading to an out-of-bounds read and ...
CLSA-2025-1766598218 opensc: Fix of 4 CVEs
CVE-2024-45616: fix insufficient control of APDU buffer and its length - CVE-2024-45615: initialize uninitialized variables - CVE-2024-45617: fix insufficient or missing checking of return values - CVE-2024-45620: fix incorrect handling length of buffers or files in pkcs15init...
EUVD-2021-22169
Malware in sbrugna...
EUVD-2017-15471
Malware in sbrugna...
EUVD-2018-6664
Malware in sbrugna...
EUVD-2009-0372
Malware in sbrugna...
EUVD-2022-36332
Malicious code in bioql PyPI...
EUVD-2023-54390
Malicious code in bioql PyPI...