Lucene search

K

16 matches found

CVE
CVE
added 2020/04/29 4:15 a.m.247 views

CVE-2019-20792

OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.

6.8CVSS6.4AI score0.00165EPSS
CVE
CVE
added 2024/01/31 2:15 p.m.161 views

CVE-2023-5992

A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data.

5.9CVSS5.4AI score0.00211EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.113 views

CVE-2021-42779

A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.

5.3CVSS5.5AI score0.00047EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.100 views

CVE-2021-42780

A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.

5.3CVSS5.3AI score0.00045EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.97 views

CVE-2021-42782

Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.

5.3CVSS5.8AI score0.00077EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.85 views

CVE-2021-42781

Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.

5.3CVSS5.8AI score0.00084EPSS
CVE
CVE
added 2024/09/03 10:15 p.m.85 views

CVE-2024-45620

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.

3.9CVSS4AI score0.0005EPSS
CVE
CVE
added 2022/04/18 5:15 p.m.75 views

CVE-2021-42778

A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.

5.3CVSS5.1AI score0.00228EPSS
CVE
CVE
added 2024/09/03 10:15 p.m.73 views

CVE-2024-45615

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

3.9CVSS4AI score0.00014EPSS
CVE
CVE
added 2024/09/03 10:15 p.m.72 views

CVE-2024-45618

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have n...

3.9CVSS3.9AI score0.0005EPSS
CVE
CVE
added 2024/09/03 10:15 p.m.71 views

CVE-2024-45616

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APD...

3.9CVSS4.2AI score0.00014EPSS
CVE
CVE
added 2024/09/03 10:15 p.m.71 views

CVE-2024-45619

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer c...

4.3CVSS4.4AI score0.00067EPSS
CVE
CVE
added 2024/09/03 10:15 p.m.70 views

CVE-2024-45617

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpe...

3.9CVSS3.9AI score0.00058EPSS
CVE
CVE
added 2024/02/12 11:15 p.m.62 views

CVE-2024-1454

The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or sm...

3.4CVSS3.7AI score0.00081EPSS
CVE
CVE
added 2023/08/22 7:16 p.m.55 views

CVE-2021-34193

Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.

7.5CVSS7.5AI score0.00411EPSS
CVE
CVE
added 2020/01/30 2:15 p.m.34 views

CVE-2013-1866

OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability

6.3CVSS6.3AI score0.00149EPSS