29 matches found
CVE-2025-24531
The CVE-2025-24531 entry concerns OpenSC pam_pkcs11 before 0.6.13, where pam_sm_authenticate() may return PAM_IGNORE in various error conditions (e.g., smartcard errors before login). This behavior can allow authentication bypass. The open/public data provided identifies the affected component an...
Yubico YubiHSM 2 SDK YubiHSM Shell 2.4.0 Uninitialized Memory Read (YSA-2023-01)
The version of Yubico YubiHSM Shell, a component of YubiHSM 2 SDK, installed on the remote host is 2.4.0. It is, therefore, affected by an uninitialized memory read vulnerability: - The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read...
EUVD-2023-43608
Malicious code in bioql PyPI...
Security update for pam_pkcs11
This update for pam_pkcs11 fixes the following issues: CVE-2025-24531: Fixed regression in version 0.6.12 returning PAM_IGNORE in many situations with possible authentication bypass (bsc#1236314). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
CVE-2025-24032
PAM-PKCS11 is a Linux-PAM login module that allows an X.509 certificate based user login. Prior to version 0.6.13, if cert_policy is set to none (the default value), then pam_pkcs11 will only check if the user is capable of logging into the token. An attacker may create a different token with the user...
PT-2024-9394 · Opensc +5
Name of the Vulnerable Software and Affected Versions: OpenSC (affected versions not specified). Description: The issue is related to the use of uninitialized variables in OpenSC, OpenSC tools, PKCS11 module, minidriver, and CTK. This could allow an attacker to impact the confidentiality and integri...
Security Advisory YSA-2023-01 | Yubico
The PKCS11 module of the YubiHSM 2 SDK does not properly validate the length of specific read operations on object metadata which may lead to disclosure of uninitialized and previously used memory...
Slackware: Security Advisory (SSA:2022-320-01)
The remote host is missing an update for the...
SUSE-SU-2017:1661-1 Security update for openssh-openssl1
This update for openssh-openssl1 fixes the following issues: - Properly verify CIDR masks in configuration (bsc#1005893) - CVE-2016-10009: limit directories for loading PKCS11 modules (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to low-privilege process handling...
UBUNTU-CVE-2016-10009
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket...
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
CVE-2009-2654 firefox: URL bar spoofing vulnerability CVE-2009-3070 Firefox 3.5 3.0.14 browser engine crashes CVE-2009-3071 Firefox 3.5.2 3.0.14 browser engine crashes CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes CVE-2009-3074 Firefox 3.5 3.0.14 JavaScript engine crashes CVE-2009-307...
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly CVE-2009-2654 firefox: URL bar spoofing vulnerability CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6563)
This update brings the Mozilla Firefox 3.5 webbrowser to version 3.5.3, the Mozilla XULRunner 1.9.0 engine to the 1.9.0.14 stable release, and the Mozilla XULRunner 1.9.1 engine to the 1.9.1.3 stable release. It also fixes various security issues : - Mozilla developers and community members...
Mozilla Firefox PKCS11 Module Installation Code Execution (CVE-2009-3076)
Mozilla Firefox is a web browser developed by Mozilla Foundation. The browser is capable of interpreting and rendering many types of content published on the Internet, including various versions of HTML, XML, XUL, JavaScript, various graphics formats, and so on. The browser runs on the Windows,...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6562)
This update brings the Mozilla Firefox 3.5 webbrowser to version 3.5.3, the Mozilla XULRunner 1.9.0 engine to the 1.9.0.14 stable release, and the Mozilla XULRunner 1.9.1 engine to the 1.9.1.3 stable release. It also fixes various security issues : - Mozilla developers and community members...
openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6495)
This update brings the Mozilla Firefox browser to the 3.0.14 stable release. It also fixes various security issues: MFSA 2009-47 / CVE-2009-3069 / CVE-2009-3070 / CVE-2009-3071 / CVE-2009-3072 / CVE-2009-3073 / CVE-2009-30 / CVE-2009-3075: Mozilla developers and community members identified and...
Mozilla Firefox PKCS11 Module Installation Code Execution
Added: 09/24/2009 CVE: CVE-2009-3076 BID: 36343 OSVDB: 57977 Background Mozilla is a suite of Internet client products available for multiple platforms. Problem The warning dialog displayed when adding or removing security modules via pkcs11.addmodule or pkcs11.deletemodule can be customized by a...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-1312)
This update brings Mozilla Firefox to the 3.0.14 stable release. It also fixes various security issues: MFSA 2009-47 / CVE-2009-3069 / CVE-2009-3070 / CVE-2009-3071 / CVE-2009-3072 / CVE-2009-3073 / CVE-2009-3074 / CVE-2009-3075: Mozilla developers and community members identified and fixed sever...
Mandriva Linux Security Advisory : firefox (MDVSA-2009:236)
Security issues were identified and fixed in firefox 3.0.x: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vecto...
FreeBSD : mozilla firefox -- multiple vulnerabilities (922d2398-9e2d-11de-a998-0030843d3802)
Mozilla Foundation reports: MFSA 2009-51 Chrome privilege escalation with FeedWriter; MFSA 2009-50 Location bar spoofing via tall line-height Unicode characters; MFSA 2009-49 TreeColumns dangling pointer vulnerability; MFSA 2009-48 Insufficient warning for PKCS11 module installation and removal; MFS...