23 matches found
Astra Linux - vulnerability in opensc
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process when using the pkcs15-init function. To exploit these vulnerabilities, an attacker must have physical access to the computer system and use a custom-constructed USB device or sma...
SUSE CVE-2025-13763
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...
CVE-2025-68819
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg(). rlen value is a user-controlled value, but dtv5100_i2c_msg() does not check the size of the rlen value. Therefore, if it is set to a value larger than sizeof(st->data), an...
Amazon Linux 2023 : grub2-common, grub2-efi-aa64, grub2-efi-aa64-cdboot (ALAS2023-2025-1342)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1342 advisory. A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the...
VulnCheck KEV: CVE-2023-39143
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration)...
EUVD-2019-13539
Malware in sbrugna...
EUVD-2018-13580
Malware in sbrugna...
Skyworth Router CM5100 security vulnerability
Skyworth Router CM5100 is a single-band router with N300 speed from Skyworth China. A security vulnerability exists in the Skyworth Router CM5100 version 4.1.1.24, which originates from storing sensitive information about USB and Wifi connected devices in plaintext...
SUSE CVE-2024-45618
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have...
SUSE CVE-2024-1454
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...
Malicious code in wlwz-2312-6608 (npm)
Source: ghsa-malware 446e8b5648868e0923b19842f21b89c5a52b2e9454aa049037fd8eae1a32571c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
DEBIAN-CVE-2023-4535
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to...
AZL-35075 CVE-2023-40661 affecting package opensc for versions less than 0.25.1-3
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a...
UBUNTU-CVE-2023-4535
An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to...
CVE-2023-28561 Buffer Copy Without Checking Size of Input in QESL
Memory corruption in QESL while processing payload from external ESL device to firmware...
PT-2023-21809 · Qesl · Qesl
Name of the Vulnerable Software and Affected Versions: QESL (affected versions not specified). Description: The issue involves memory corruption in QESL when processing a payload from an external ESL device to firmware. Recommendations: At the moment, there is no information about a newer version th...
CVE-2023-39143
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration)...
Digital Guardian Agent security vulnerability
Digital Guardian Agent is a widely used data protection platform for cloud environments from US-based Digital Guardian. Discover, categorize and control data movement across endpoints, networks and clouds. An information disclosure vulnerability exists in Digital Guardian Agent version 7.7.4.0042...
Malicious code in bakaman (npm)
Source: ghsa-malware 0e4739b322acef1df15dc4eae591689eafa1abac14aef74e70eefeeea6aa5599 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...