Page 7 of 33 results (0.002 seconds)

CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2013-1866

https://notcve.org/view.php?id=CVE-2013-1866

OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerability OpenSC OpenSC.tokend, presenta una vulnerabilidad de Creación de Archivos Arbitraria y Sobreescritura. • http://www.securityfocus.com/bid/58620 https://exchange.xforce.ibmcloud.com/vulnerabilities/82987 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.2EPSS: 0%CPEs: 38EXPL: 5

CVE-2010-4523

https://notcve.org/view.php?id=CVE-2010-4523

Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 and earlier allow physically proximate attackers to execute arbitrary code via a long serial-number field on a smart card, related to (1) card-acos5.c, (2) card-atrust-acos.c, and (3) card-starcos.c. Múltiples desbordamientos de búfer basado en pila en libopensc en OpenSC v0.11.13 y anteriores permite a atacantes físicamente próximos ejecutar código arbitrario a través de un campo largo serial-number de una tarjeta inteligente, relacionado con (1) card-acos5.c, (2) card-atrust-acos.c, y (3) card-starcos.c. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607427 http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052777.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052796.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://openwall.com/lists/oss-security/2010/12/21/2 http://openwall.com/lists/oss-security/2010/12&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.1EPSS: 0%CPEs: 31EXPL: 2

CVE-2009-0368 – OpenSC 0.11.x - PKCS#11 Implementation Unauthorized Access

https://notcve.org/view.php?id=CVE-2009-0368

OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program. Vulnerabilidad en OpenSC en versiones anteriores a v0.11.7 que permite a atacantes próximos físicamente evitar los requisitos de autenticación/validación de PIN a través de (1) el comando APDU de bajo nivel o (2) una herramienta de depuración de errores, como se ha demostrado leyendo el fichero 4601 o 4701 con el programa opensc-explorer o opensc-tool. • https://www.exploit-db.com/exploits/32820 http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html http://openwall.com/lists/oss-security/2009/02/26/1 http://secunia.com/advisories/34052 http://secunia.com/advisories/34120 http://secunia.com/advisories/34362 http://secunia.com/advisories/34377 http://secunia.com/advisories/35065 http://secunia.com/advisories/36074 http://security.gentoo.org/glsa/glsa-200908-01.xml http://www.debian.org/security/2009 • CWE-310: Cryptographic Issues •