CVE-2026-45574

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

CLSA-2026-1779190223 opensc: Fix of 5 CVEs

CVE-2023-5992: implement constant-time PKCS1 v1.5 depadding to prevent Bleichenbacher/Marvin-style timing attacks - CVE-2025-49010: fix stack buffer overflow write in iso7816 GET RESPONSE - CVE-2025-66037: fix out-of-bounds heap read in scpkcs15pubkeyfromspkifields - CVE-2025-66038: fix buffer...

EUVD-2025-208147

The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verification. As a result, possession of the certificate number alone is sufficient for authentication,...

PT-2026-22574

Name of the Vulnerable Software and Affected Versions CGM CLININET system affected versions not specified Description The CGM CLININET system uses smart card authentication, but authentication happens locally on the client device. Instead of verifying the smart card and private key, only the...

CGM CLININET 安全漏洞

CGM CLININET is a hospital information management system developed by the German company CGM. CGM CLININET has a security vulnerability, which stems from a flaw in smart card authentication. Verification can be completed using only the certificate number...

EUVD-2018-8637

Malware in sbrugna...

CVE-2019-3980

The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run...

How to Configure StoreFront and Smart Card Authentication for Internal Users using Stores

This article describes how to configure Citrix StoreFront 2.0 and Smart Card authentication using Gemalto .NET cards against stores for internal users. Requirements The following components are needed to allow users connectthrough Smart Card to StoreFront: Citrix StoreFront 2.x Citrix Receiver fo...

April 9, 2024—KB5036910 (OS Build 25398.830)

April 9, 2024—KB5036910 OS Build 25398.830 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...

April 9, 2024—KB5036894 (OS Build 22000.2899)

April 9, 2024—KB5036894 OS Build 22000.2899 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note Follow @WindowsUpdate to find out...

January 9, 2024—KB5034127 (OS Build 17763.5329) - EXPIRED

January 9, 2024—KB5034127 OS Build 17763.5329 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. ​​​​​​​ 11/17/20 For...

GitLab Trust Management Issues Vulnerabilities

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab has a trust management issue vulnerability that stems from allowing an...

October 10, 2023—KB5031364 (OS Build 20348.2031)

October 10, 2023—KB5031364 OS Build 20348.2031 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out whe...

SUSE CVE-2018-16841

Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call tallocfree twice on the same memory if the principal in a validly signed certificate does not match the principal ...

August 9, 2022—KB5016681 (Monthly Rollup)

August 9, 2022—KB5016681 Monthly Rollup IMPORTANT Microsoft released update KB5012170 on August 9, 2022. It provides support for Secure Boot Forbidden Signature Database DBX. This is a standalone, security update. Windows 8.1 and newer clients and Windows Server 2012 and newer servers must instal...

August 9, 2022—KB5016622 (OS Build 14393.5291) - EXPIRED

August 9, 2022—KB5016622 OS Build 14393.5291 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- NEW...

August 9, 2022—KB5016686 (Security-only update)

August 9, 2022—KB5016686 Security-only update Summary Learn more about this security-only update, including improvements, any known issues, and how to get the update. IMPORTANT Windows Server 2008 Service Pack 2 SP2 has reached the end of mainstream support and are now in extended support. Starti...

Ubuntu: Security Advisory (USN-3827-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

August 10, 2021—KB5005106 (Security-only update)

August 10, 2021—KB5005106 Security-only update Important: Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases known as "C" releases for this operating...

August 10, 2021—KB5005099 (Monthly Rollup)

August 10, 2021—KB5005099 Monthly Rollup Important: This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the Update on Adobe Flash Player End of Support. Important: Windows Server 2012 has reached the end of...