Lucene search
K

127 matches found

CVE
CVE
added 2024/09/03 9:21 p.m.111 views

CVE-2024-45620

OpenSC: CVE-2024-45620 affects the pkcs15-init tool. A crafted USB device or smart card may cause the system to process APDUs in a way that partially filled buffers are accessed incorrectly. This is tied to OpenSC buffer handling in pkcs15init. Remediation: upgrade OpenSC to 0.26.1-1 or newer (as...

3.9CVSS4AI score0.00293EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2024/09/03 9:21 p.m.22 views

CVE-2024-45620

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...

3.9CVSS6.1AI score0.00293EPSS
Exploits0
OSV
OSV
added 2024/09/03 9:21 p.m.17 views

CVE-2024-45620 Libopensc: incorrect handling of the length of buffers or files in pkcs15init

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accesse...

3.9CVSS6.8AI score0.00293EPSS
Exploits0References7
CVE
CVE
added 2024/09/03 9:21 p.m.101 views

CVE-2024-45618

CVE-2024-45618 affects OpenSC’s pkcs15-init component. The issue arises from insufficient or missing checking of return values, which can cause use of uninitialized variables after APDU responses from crafted USB devices or smart cards. Multiple connected advisories document the same core problem...

3.9CVSS3.9AI score0.00287EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2024/09/03 9:21 p.m.16 views

CVE-2024-45618

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have...

3.9CVSS5.9AI score0.00287EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2024/09/03 9:21 p.m.16 views

CVE-2024-45618

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have...

3.9CVSS3.9AI score0.00287EPSS
Exploits0
OSV
OSV
added 2024/09/03 9:21 p.m.18 views

CVE-2024-45618 Libopensc: uninitialized values after incorrect or missing checking return values of functions in pkcs15init

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have...

3.9CVSS6.6AI score0.00287EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/09/02 12:0 a.m.3 views

PT-2024-9395

Name of the Vulnerable Software and Affected Versions OpenSC affected versions not specified Description A memory out-of-bounds read issue exists in the pkcs15-init tool. An attacker can exploit this by using a specially crafted USB device or smart card that provides a manipulated response to APD...

4.6CVSS6.5AI score0.00355EPSS
Exploits0References93
Redos
Redos
added 2024/04/22 12:0 a.m.21 views

ROS-20240422-01

Vulnerability in the OpenSC smart card software toolkit and libraries is related to a bug in the AuthentIC driver and occurs during card registration using pkcs15-init. a bug in the AuthentIC driver and occurs during the card registration process using pkcs15-init, when a user or administrator...

3.4CVSS7.1AI score0.00422EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/03/15 12:0 a.m.31 views

Fedora 38 : opensc (2024-b92d44f141)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b92d44f141 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...

5.9CVSS6AI score0.01156EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/03/15 12:0 a.m.33 views

Fedora 39 : opensc (2024-6460a03e29)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-6460a03e29 advisory. New upstream release with security fixes for CVE-2023-5992 and CVE-2024-1454 Tenable has extracted the preceding description block directly from the...

5.9CVSS6AI score0.01156EPSS
Exploits1References3
NVD
NVD
added 2024/02/12 11:15 p.m.16 views

CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS4.2AI score0.00422EPSS
Exploits0References8
Prion
Prion
added 2024/02/12 11:15 p.m.16 views

Design/Logic Flaw

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

2.6CVSS6.9AI score0.00422EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/12 10:29 p.m.34 views

CVE-2024-1454 Opensc: memory use after free in authentic driver when updating token info

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS4.2AI score0.00422EPSS
Exploits0References4
OSV
OSV
added 2024/02/12 10:29 p.m.19 views

CVE-2024-1454 Opensc: memory use after free in authentic driver when updating token info

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS6.4AI score0.00422EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2024/02/12 10:29 p.m.25 views

CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS3.5AI score0.00422EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2024/02/12 10:29 p.m.21 views

CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or...

3.4CVSS4.3AI score0.00422EPSS
Exploits0
Debian
Debian
added 2023/11/27 1:9 a.m.26 views

[SECURITY] [DLA 3668-1] opensc security update

Debian LTS Advisory DLA-3668-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin November 27, 2023 https://wiki.debian.org/LTS Package : opensc Version : 0.19.0-1+deb10u3 CVE ID : CVE-2023-40660 CVE-2023-40661 Debian Bug : 1055521 1055522 Vulnerabilities were found i...

6.6CVSS6.8AI score0.01174EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/27 12:0 a.m.36 views

Debian dla-3668 : opensc - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3668 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3668-1 [email protected]...

6.6CVSS6.6AI score0.01174EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/11/21 12:0 a.m.20 views

Oracle Linux 8 : opensc (ELSA-2023-7160)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-7160 advisory. - Fix CVE-2023-2977: potential buffer overrun in pkcs15 cardoshaveverifyrcpackage 2211093 Tenable has extracted the preceding description block directly from th...

7.1CVSS7AI score0.00295EPSS
Exploits0References2
Rows per page
Query Builder