30 matches found
CVE-2026-40510
OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longe...
MiracleLinux 8 : opensc-0.20.0-4.el8, opensc-0.20.0-4.el8 (AXSA:2021-1949:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1949:01 advisory. opensc: heap-based buffer overflow in sc_oberthur_read_file CVE-2020-26570 opensc: stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init...
MiracleLinux 8 : opensc-0.20.0-7.el8_9 (AXSA:2024-7353:02)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7353:02 advisory. OpenSC: Potential PIN bypass when card tracks its own login state CVE-2023-40660 OpenSC: multiple memory issues with pkcs15-init enrollment tool...
MiracleLinux 8 : opensc-0.20.0-2.el8 (AXSA:2021-1113:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1113:01 advisory. opensc: Out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c CVE-2019-15945 opensc: Out-of-bounds access of an ASN.1...
TencentOS Server 3: opensc (TSSA-2023:0324)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0324 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
EUVD-2018-8267
Malware in sbrugna...
EUVD-2023-45217
Malicious code in bioql PyPI...
NewStart CGSL MAIN 7.02 : opensc Multiple Vulnerabilities (NS-SA-2025-0119)
The remote NewStart CGSL host, running version MAIN 7.02, has opensc packages installed that are affected by multiple vulnerabilities: - A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operation...
TencentOS Server 4: opensc (TSSA-2024:0030)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0030 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
TencentOS Server 4: opensc (TSSA-2024:0441)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0441 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Alibaba Cloud Linux 3 : 0089: opensc (ALINUX3-SA-2022:0089)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0089 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-26570: The Oberthur smart card...
Alibaba Cloud Linux 3 : 0026: opensc (ALINUX3-SA-2024:0026)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0026 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-40660: A flaw was found in OpenSC...
USN-7346-3: OpenSC vulnerabilities
USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a regression which broke smartcard based authentication. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that OpenSC did not correctly handle certain memory operations...
USN-7346-2: OpenSC regression
USN-7346-1 fixed vulnerabilities in OpenSC. The update introduced a regression in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. The security fix has been removed pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovered that OpenSC...
USN-7346-1: OpenSC vulnerabilities
It was discovered that OpenSC did not correctly handle certain memory operations, which could lead to a use-after-free vulnerability. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : OpenSC vulnerabilities (USN-7346-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7346-1 advisory. It was discovered that OpenSC did not correctly handle certain memory operations, which could lea...
Advisory ROSA-SA-2025-2752
Software: opensc 0.20.0 OS: ROSA Virtualization 2.1 packageevrstring: opensc-0.20.0-8.rv3 CVE-ID: CVE-2023-2977 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in OpenSC causes a buffer overflow in the pkcs15 cardos_have_verifyrc_package function, allowing an attacker to cause a processing...
OpenSC Multiple Vulnerabilities (Jan 2025) - Linux
OpenSC is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:opensc-project:opensc"; if descripti...
OpenSC Multiple Vulnerabilities (Jan 2025) - Windows
OpenSC is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:opensc-project:opensc"; if descripti...
Debian dla-4004 : opensc - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4004 advisory. Debian LTS Advisory DLA-4004-1...