CVE-2025-14546
Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to...
Linux Distros Unpatched Vulnerability: CVE-2020-28049
The Linux/Unix host has one or more packages installed that are affected by a vulnerability for which no vendor-supplied patch is available. - An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that, for a short time period, allows local unprivileged users to...
SDDM Race Condition Vulnerability
SDDM is a Qt-based display manager for the KDE and LXQt desktop environments from the SDDM team. A race condition vulnerability exists in versions of SDDM prior to 0.19.0. The vulnerability stems from incorrectly starting the X server in a way that would allow a local, unprivileged us...
opensc: Infinite recursion handling responses from IAS-ECC cards in card-iasecc.c:iasecc_select_file()
Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs...
OpenSC Buffer Overflow Vulnerability (CNVD-2019-28624)
OpenSC is an open source smart card tool and middleware. A buffer overflow vulnerability exists in the read_public_key function in the tools/cryptoflex-tool.c file in versions prior to OpenSC 0.19.0-rc1. An attacker could use this vulnerability to cause a denial of service (application crash) with...