15 matches found
TencentOS Server 4: opensc (TSSA-2024:0030)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0030 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Advisory ROSA-SA-2025-2580
software: opensc 0.23.0 OS: ROSA-CHROME packageevrstring: opensc-0.23.0-2 CVE-ID: CVE-2023-40660 BDU-ID: 2024-02589 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the OpenSC smart card software toolkit and libraries is related to the fact that token/card authentication by one process can perform...
CBL Mariner 2.0 Security Update: opensc (CVE-2023-4535)
The version of opensc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-4535 advisory. - An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling...
CVE-2023-4535 affecting package opensc for versions less than 0.25.1-3
CVE-2023-4535 affecting package opensc for versions less than 0.25.1-3. An upgraded version of the package is available that resolves this issue...
AlmaLinux 9 : opensc (ALSA-2023:7879)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2023:7879 advisory. - A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic...
Fedora 39 : opensc (2023-a854153d7a)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a854153d7a advisory. New upstream release 2240701 with security fixes for CVE-2023-40660, CVE-2023-4535, CVE-2023-40661 Tenable has extracted the preceding description...
Moderate: Red Hat Security Advisory: opensc security update
An update for opensc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
opensc security update
0.23.0-3 - Fix file caching with different offsets RHEL-4079 - Fix CVE-2023-40660: Potential PIN bypass - Fix CVE-2023-40661: Dynamic analyzers reports in pkcs15init - Fix CVE-2023-4535: Out-of-bounds read in MyEID driver handling encryption using symmetric keys - Fix CVE-2023-5992: Side-channel...
ALSA-2023:7879 Moderate: opensc security update
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Potential PIN bypass when card tracks it...
Moderate: opensc security update
The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic operations and enables their use for authentication, mail encryption, or digital signatures. Security Fixes: OpenSC: Potential PIN bypass when card tracks it...
RHEL 9 : opensc (RHSA-2023:7879)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7879 advisory. The OpenSC set of libraries and utilities provides support for working with smart cards. OpenSC focuses on cards that support cryptographic...
CVE-2023-4535 affecting package opensc for versions less than 0.23.0-2
CVE-2023-4535 affecting package opensc for versions less than 0.23.0-2. A patched version of the package is available...
CVE-2023-4535 Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to...
CVE-2023-4535
CVE-2023-4535 affects OpenSC, specifically the MyEID driver’s handling of symmetric key encryption. The vulnerability is an out-of-bounds read in the OpenSC MyEID driver, which can be exploited by a physically proximate attacker using a crafted USB device or smart card to manipulate APDU response...
Medium: opensc
Issue Overview: Potential PIN bypass. When the token/card was plugged into the computer and authenticated from one process, it could be used to provide cryptographic operations from different process when the empty, zero-length PIN and the token can track the login status using some of its...