Lucene search
K

76 matches found

Amazon
Amazon
added 2024/04/02 12:0 a.m.5 views

Medium: opensc

Issue Overview: A vulnerability was found in OpenSC where PKCS1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. CVE-2023-5992 The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages...

5.9CVSS6.1AI score0.01156EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/03/15 12:0 a.m.31 views

Fedora 38 : opensc (2024-b92d44f141)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b92d44f141 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...

5.9CVSS6AI score0.01156EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/03/15 12:0 a.m.33 views

Fedora 39 : opensc (2024-6460a03e29)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6460a03e29 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...

5.9CVSS6AI score0.01156EPSS
Exploits1References3
Openbugbounty
Openbugbounty
added 2024/02/18 12:22 p.m.5 views

officialspatriotsauthenticstore.com Cross Site Scripting vulnerability OBB-3854505

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2024/02/14 9:33 p.m.34 views

CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS7AI score0.00422EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2024/02/14 3:56 a.m.2 views

SUSE CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

4.5CVSS6.2AI score0.00422EPSS
Exploits0References3
OSV
OSV
added 2024/02/12 11:15 p.m.1 views

DEBIAN-CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS5.7AI score0.00422EPSS
Exploits0References1
NVD
NVD
added 2024/02/12 11:15 p.m.16 views

CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS4.2AI score0.00422EPSS
Exploits0References8
OSV
OSV
added 2024/02/12 11:15 p.m.5 views

AZL-34384 CVE-2024-1454 affecting package opensc for versions less than 0.23.0-4

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS7AI score0.00422EPSS
Exploits0References1
OSV
OSV
added 2024/02/12 11:15 p.m.2 views

UBUNTU-CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS6.9AI score0.00422EPSS
Exploits0References4
Prion
Prion
added 2024/02/12 11:15 p.m.16 views

Design/Logic Flaw

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

2.6CVSS6.9AI score0.00422EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/02/12 11:15 p.m.32 views

CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS6.7AI score0.00422EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/02/12 10:29 p.m.8 views

CVE-2024-1454 Opensc: memory use after free in authentic driver when updating token info

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS4.4AI score0.00422EPSS
Exploits0References4
CVE
CVE
added 2024/02/12 10:29 p.m.87 views

CVE-2024-1454

CVE-2024-1454 concerns the OpenSC AuthentIC driver: a use-after-free during card enrolment (pkcs15-init) that can enable manipulation of card management operations when an attacker has physical access and can present crafted APDU responses. The issue is limited to the enrolment process and requir...

3.4CVSS3.7AI score0.00422EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2024/02/12 10:29 p.m.19 views

CVE-2024-1454 Opensc: memory use after free in authentic driver when updating token info

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS6.4AI score0.00422EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2024/02/12 10:29 p.m.25 views

CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS3.5AI score0.00422EPSS
Exploits0
Cvelist
Cvelist
added 2024/02/12 10:29 p.m.33 views

CVE-2024-1454 Opensc: memory use after free in authentic driver when updating token info

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS4.2AI score0.00422EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2024/02/12 10:29 p.m.21 views

CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS4.3AI score0.00422EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.1 views

PT-2024-3057 · Opensc +3 · Opensc +3

Name of the Vulnerable Software and Affected Versions: OpenSC affected versions not specified Description: The issue is related to a use-after-free vulnerability found in the AuthentIC driver of OpenSC packages. This vulnerability occurs during the card enrolment process using pkcs15-init when a...

7.5CVSS5.1AI score0.02805EPSS
Exploits1References70
Prion
Prion
added 2023/12/23 9:15 a.m.15 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This...

6.8CVSS7.3AI score0.00373EPSS
Exploits1References1Affected Software10
Rows per page
Query Builder