5 matches found
CVE-2010-4523
OpenSC (libopensc) is affected by CVE-2010-4523: multiple stack-based buffer overflows in OpenSC
CVE-2009-1603
CVE-2009-1603 affects OpenSC 0.11.7, specifically src/tools/pkcs11-tool.c. When used with unspecified third‑party PKCS#11 modules, it generates RSA keys with incorrect public exponents, allowing an attacker to read the cleartext form of messages that were intended to be encrypted. This vulnerabil...
CVE-2009-0368
OpenSC (the OpenSC package) is affected by CVE-2009-0368. The vulnerability allows private data objects on smartcards initialized with OpenSC to be read without authentication, demonstrated via a low-level APDU command or via debugging tools (e.g., reading specific files with opensc-explorer/open...
CVE-2008-2235
OpenSC (pre-0.11.5) is affected by CVE-2008-2235 due to weak permissions on the 5015 directory for Siemens CardOS M4 smart cards and USB tokens, allowing a physically proximate attacker to change the PIN. The OpenSC/OpenSC-devel packages are the impacted components; the root cause is improper acc...
CVE-2008-3972
CVE-2008-3972 relates to OpenSC prior to 0.11.6 where security updates to a smart card are not applied unless the card label matches “OpenSC”; this can allow physically proximate attackers to bypass patched vulnerabilities (as linked to CVE-2008-2235). Connected OpenVAS entries show SLES9/SLES10 ...