Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-03	CVE-2024-45619	Classic Buffer Overflow vulnerability in multiple products A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. low complexity redhat opensc-project CWE-120	4.3
2024-01-31	CVE-2023-5992	Information Exposure Through Discrepancy vulnerability in multiple products A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. network high complexity opensc-project redhat CWE-203	5.9
2023-11-06	CVE-2023-40660	Improper Authentication vulnerability in multiple products A flaw was found in OpenSC packages that allow a potential PIN bypass. low complexity opensc-project redhat CWE-287	6.6
2023-11-06	CVE-2023-40661	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. low complexity opensc-project redhat CWE-119	6.4
2022-04-18	CVE-2021-42778	Double Free vulnerability in multiple products A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo. network low complexity opensc-project fedoraproject redhat CWE-415	5.3
2022-04-18	CVE-2021-42779	Use After Free vulnerability in multiple products A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid. network low complexity opensc-project fedoraproject redhat CWE-416	5.3
2022-04-18	CVE-2021-42780	Unchecked Return Value vulnerability in multiple products A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library. network low complexity opensc-project fedoraproject redhat CWE-252	5.3
2022-04-18	CVE-2021-42781	Out-of-bounds Write vulnerability in multiple products Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library. network low complexity opensc-project fedoraproject redhat CWE-787	5.3
2022-04-18	CVE-2021-42782	Out-of-bounds Write vulnerability in multiple products Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library. network low complexity opensc-project fedoraproject CWE-787	5.3
2020-10-06	CVE-2020-26572	Out-of-bounds Write vulnerability in multiple products The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. local low complexity opensc-project fedoraproject debian CWE-787	5.5