186 matches found

NVD
added 2023/11/06 5:15 p.m. | 11 views

CVE-2023-40660

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...

CVSS 6.6 | AI score 6.3 | EPSS 0.00037
Exploits: 0 | References: 12

OSV
added 2023/11/06 5:15 p.m. | 27 views

CVE-2023-40660

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...

CVSS 6.6 | AI score 6.4 | EPSS 0.00037
Exploits: 0 | References: 12

UbuntuCve
added 2023/11/06 5:15 p.m. | 27 views

CVE-2023-40660

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...

CVSS 6.6 | AI score 6.8 | EPSS 0.00037
Exploits: 0 | References: 4

Prion
added 2023/11/06 5:15 p.m. | 26 views

Design/Logic Flaw

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...

CVSS 4.4 | AI score 6.9 | EPSS 0.00037
Exploits: 0 | References: 11 | Affected Software: 2

CVE
added 2023/11/06 4:58 p.m. | 147 views

CVE-2023-40660

CVE-2023-40660 affects the OpenSC OpenSC/OpenSC PKCS#11 components (opensc). Connected advisories specify a PIN-bypass vulnerability: if a token is authenticated in one process, it can be used to perform cryptographic operations in other processes when an empty PIN is supplied. Affected scope inc...

CVSS 6.6 | AI score 6.2 | EPSS 0.00037
Exploits: 0 | References: 12 | Affected Software: 1

AlpineLinux
added 2023/11/06 4:58 p.m. | 27 views

CVE-2023-40660

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...

CVSS 6.6 | AI score 6.4 | EPSS 0.00037
Exploits: 0

Debian CVE
added 2023/11/06 4:58 p.m. | 18 views

CVE-2023-40660

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...

CVSS 6.6 | AI score 6.6 | EPSS 0.00037
Exploits: 0

Tenable Nessus
added 2023/11/04 12:0 a.m. | 21 views

Amazon Linux 2023 : opensc (ALAS2023-2023-417)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-417 advisory. Potential PIN bypass. When the token/card was plugged into the computer and authenticated from one process, it could be used to provide cryptographic operations from different process when the...

CVSS 6.6 | AI score 6 | EPSS 0.00295
Exploits: 0 | References: 8

Tenable Nessus
added 2023/11/02 12:0 a.m. | 28 views

Amazon Linux 2 : opensc (ALAS-2023-2323)

The version of opensc installed on the remote host is prior to 0.19.0-5. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2323 advisory. Potential PIN bypass. When the token/card was plugged into the computer and authenticated from one process, it could be use...

CVSS 6.6 | AI score 6.4 | EPSS 0.00295
Exploits: 0 | References: 6

Amazon
added 2023/11/01 12:0 a.m. | 33 views

Medium: opensc

Issue Overview: Potential PIN bypass. When the token/card was plugged into the computer and authenticated from one process, it could be used to provide cryptographic operations from different process when the empty, zero-length PIN and the token can track the login status using some of its...

CVSS 6.6 | AI score 6.7 | EPSS 0.00295
Exploits: 0

OSV
added 2023/10/27 11:6 a.m. | 1 views

OESA-2023-1766 opensc security update

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to sma...

CVSS 6.6 | AI score 6.8 | EPSS 0.00037
Exploits: 0 | References: 2

OSV
added 2023/10/27 11:6 a.m. | 1 views

OESA-2023-1767 opensc security update

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to sma...

CVSS 6.6 | AI score 6.8 | EPSS 0.00037
Exploits: 0 | References: 2

Veracode
added 2023/10/06 4:32 a.m. | 19 views

Authentication Bypass

libopensc.so is vulnerable to Authentication Bypass. The vulnerability exists in the sc_pkcs15_verify_pin function of pkcs15-pin.c when a token or card is plugged into the system and authenticated by one process, but can be utilized for cryptographic operations by another process when an empty,...

CVSS 6.6 | AI score 7 | EPSS 0.00037
Exploits: 0 | References: 14 | Affected Software: 2

RedhatCVE
added 2023/10/04 4:54 a.m. | 36 views

CVE-2023-40660

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock a...

CVSS 6.6 | AI score 6.5 | EPSS 0.00037
Exploits: 0 | References: 6

Fedora
added 2023/08/17 1:17 a.m. | 33 views

[SECURITY] Fedora 38 Update: opensc-0.23.0-5.fc38

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS11 API so...

CVSS 7.1 | AI score 6.8 | EPSS 0.00027
Exploits: 0

Fedora
added 2023/08/17 12:34 a.m. | 26 views

[SECURITY] Fedora 37 Update: opensc-0.23.0-5.fc37

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS11 API so...

CVSS 7.1 | AI score 6.8 | EPSS 0.00027
Exploits: 0

Schneier on Security
added 2023/06/19 10:52 a.m. | 7 views

Power LED Side-Channel Attack

This is a clever new side-channel attack: The first attack uses an Internet-connected surveillance camera to take a high-speed video of the power LED on a smart card reader--or of an attached peripheral device--during cryptographic operations. This technique allowed the researchers to pull a...

AI score 10
Exploits: 0

Code423n4
added 2023/04/20 12:0 a.m. | 6 views

TEST REGULAR FINDING DURING BOT RACE WINDOW

Lines of code L1 Vulnerability details TEST

AI score 7
Exploits: 0

Trellix
added 2023/03/23 12:0 a.m. | 8 views

Shining Light on Dark Power: Yet Another Ransomware Gang

By Pham Duy Phuc and Tomer Shloman · March 23, 2023. This blog was also written by Max Kersten. Another day, another ransomware gang. The Dark Power ransomware gang is new on the block, and is trying to make a name for itself. This blog dives...

AI score 6.8
Exploits: 0

Ubuntu
added 2023/03/07 3:26 p.m. | 75 views

USN-5933-1: Libtpms vulnerabilities

Francisco Falcon discovered that Libtpms did not properly manage memory when performing certain cryptographic operations. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code. CVE-2023-1017, CVE-2023-1018 It was discovered that Libtpms did not...

CVSS 7.8 | AI score 7.1 | EPSS 0.00692
Exploits: 0 | References: 1