Vulnerabilities > Opensc Project > Opensc > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-45619 Classic Buffer Overflow vulnerability in multiple products
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.
low complexity
redhat opensc-project CWE-120
4.3
2024-01-31 CVE-2023-5992 Information Exposure Through Discrepancy vulnerability in multiple products
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant.
network
high complexity
opensc-project redhat CWE-203
5.9
2023-11-06 CVE-2023-40660 Improper Authentication vulnerability in multiple products
A flaw was found in OpenSC packages that allow a potential PIN bypass.
low complexity
opensc-project redhat CWE-287
6.6
2023-11-06 CVE-2023-40661 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards.
low complexity
opensc-project redhat CWE-119
6.4
2022-04-18 CVE-2021-42778 Double Free vulnerability in multiple products
A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.
network
low complexity
opensc-project fedoraproject redhat CWE-415
5.3
2022-04-18 CVE-2021-42779 Use After Free vulnerability in multiple products
A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.
network
low complexity
opensc-project fedoraproject redhat CWE-416
5.3
2022-04-18 CVE-2021-42780 Unchecked Return Value vulnerability in multiple products
A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.
network
low complexity
opensc-project fedoraproject redhat CWE-252
5.3
2022-04-18 CVE-2021-42781 Out-of-bounds Write vulnerability in multiple products
Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.
network
low complexity
opensc-project fedoraproject redhat CWE-787
5.3
2022-04-18 CVE-2021-42782 Out-of-bounds Write vulnerability in multiple products
Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.
network
low complexity
opensc-project fedoraproject CWE-787
5.3
2020-10-06 CVE-2020-26572 Out-of-bounds Write vulnerability in multiple products
The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.
5.5