Lucene search
+L

44 matches found

OSV
OSV
added 2026/06/05 3:48 p.m.9 views

OESA-2026-2545 opensc security update

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the standard APIs to sma...

6.8CVSS5.5AI score0.00253EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.17 views

PT-2026-45020

Summary AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection. Details Autoupdate/AppInstaller.m's shouldAcceptNewConnection: only enforces SUCodeSigningVerifier validateConnection: before stage 1 completes. After...

4.2CVSS5.8AI score0.00014EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When importing an SPKI RSA public key as an ECDSA P-256 key, the key is handled incorrectly, causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

6.5CVSS6.6AI score0.00648EPSS
Exploits0References2
OSV
OSV
added 2026/04/20 10:8 a.m.3 views

SUSE-SU-2026:1477-1 Security update for opensc

This update for opensc fixes the following issues: - CVE-2025-49010: specially crafted smart card or USB device can lead to a stack buffer overflow write in GET RESPONSE bsc1261214. - CVE-2025-66037: specially crafted input processed by the fuzzpkcs15reader harness can lead to an out-of-bounds he...

6.8CVSS6.1AI score0.00282EPSS
Exploits2References9
SUSE CVE
SUSE CVE
added 2026/03/31 11:29 p.m.7 views

SUSE CVE-2025-66037

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

3.9CVSS5.9AI score0.00253EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-66037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to...

6.8CVSS5.6AI score0.00253EPSS
Exploits1References4
OSV
OSV
added 2026/03/30 6:16 p.m.1 views

DEBIAN-CVE-2025-66037

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

6.8CVSS5.4AI score0.00253EPSS
Exploits1References1
OSV
OSV
added 2026/03/30 6:16 p.m.5 views

UBUNTU-CVE-2025-66037

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

6.8CVSS5.9AI score0.00253EPSS
Exploits1References2
CVE
CVE
added 2026/03/30 5:1 p.m.24 views

CVE-2025-66037

OpenSC has a vulnerability CVE-2025-66037: before 0.27.0, crafted input to fuzz_pkcs15_reader can trigger an out-of-bounds heap read in X.509/SPKI handling via sc_pkcs15_pubkey_from_spki_fields() which allocates a zero-length buffer and reads beyond it. The issue is mitigated by upgrading to Open...

6.8CVSS5.9AI score0.00253EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/03/30 5:1 p.m.6 views

CVE-2025-66037

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

6.8CVSS5.4AI score0.00253EPSS
Exploits1
Cvelist
Cvelist
added 2026/03/30 5:1 p.m.23 views

CVE-2025-66037 OpenSC: Out of Bounds vulnerability

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

3.9CVSS0.00253EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/30 5:1 p.m.3 views

CVE-2025-66037

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

3.9CVSS5.9AI score0.00253EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/30 5:1 p.m.6 views

EUVD-2025-209126

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

3.9CVSS5.9AI score0.00253EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/30 12:0 a.m.9 views

OpenSC 缓冲区错误漏洞

OpenSC is an open-source smart card tool and middleware developed by OpenSC. Versions of OpenSC prior to 0.27.0 contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds heap reads in the X.509/SPKI processing path, which could lead to memory corruption...

6.8CVSS6AI score0.00253EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-29649

Malicious code in bioql PyPI...

6.5CVSS7.3AI score0.00648EPSS
Exploits0References25
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.6 views

PT-2026-29081

Name of the Vulnerable Software and Affected Versions OpenSC versions prior to 0.27.0 Description OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, providing a crafted input to the fuzz pkcs15 reader harness results in an out-of-bounds heap read within the...

6.8CVSS6AI score0.00282EPSS
Exploits2References45
NVD
NVD
added 2023/06/02 5:15 p.m.12 views

CVE-2023-25742

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

6.5CVSS6.7AI score0.00648EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/06/02 5:15 p.m.5 views

CVE-2023-25742

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

6.5CVSS5.9AI score0.00648EPSS
Exploits0References5
OSV
OSV
added 2023/06/02 5:15 p.m.1 views

DEBIAN-CVE-2023-25742

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

6.5CVSS6.1AI score0.00648EPSS
Exploits0References1
Prion
Prion
added 2023/06/02 5:15 p.m.23 views

Code injection

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

4.3CVSS6.4AI score0.00648EPSS
Exploits0References4Affected Software3
Rows per page
Query Builder