Vulnerabilities > Opensc Project > Opensc
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-04 | CVE-2018-16418 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opensc Project Opensc A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 6.6 |
| 2018-09-03 | CVE-2018-16393 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opensc Project Opensc Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 6.8 |
| 2018-09-03 | CVE-2018-16392 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opensc Project Opensc Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 6.8 |
| 2018-09-03 | CVE-2018-16391 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opensc Project Opensc Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact. | 6.8 |
| 2009-05-11 | CVE-2009-1603 | Cleartext Storage of Sensitive Information vulnerability in multiple products src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted. | 7.5 |