Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/517331?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/517331?format=api", "purl": "pkg:deb/debian/opensc@0.16.0-3%2Bdeb9u1", "type": "deb", "namespace": "debian", "name": "opensc", "version": "0.16.0-3+deb9u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.27.1-2", "latest_non_vulnerable_version": "0.27.1-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93643?format=api", "vulnerability_id": "VCID-18ud-hwu9-sfcy", "summary": "OpenSC: Potential PIN bypass when card tracks its own login state", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40660.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11376", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11481", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11479", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11442", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11362", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40660" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1", "reference_id": "0.24.0-rc1", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-12-19T17:10:37Z/" } ], "url": "https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055521", "reference_id": "1055521", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055521" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240912", "reference_id": "2240912", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-12-19T17:10:37Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240912" }, { "reference_url": "https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651", "reference_id": "2792#issuecomment-1674806651", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-12-19T17:10:37Z/" } ], "url": "https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-40660", "reference_id": "CVE-2023-40660", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-12-19T17:10:37Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-40660" }, { "reference_url": "https://security.gentoo.org/glsa/202412-15", "reference_id": "GLSA-202412-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-15" }, { "reference_url": "https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories", "reference_id": "OpenSC-security-advisories", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-12-19T17:10:37Z/" } ], "url": "https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7876", "reference_id": "RHSA-2023:7876", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-12-19T17:10:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7879", "reference_id": "RHSA-2023:7879", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2023-12-19T17:10:37Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2023:7879" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" }, { "reference_url": "https://usn.ubuntu.com/7346-3/", "reference_id": "USN-7346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2023-40660" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18ud-hwu9-sfcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96891?format=api", "vulnerability_id": "VCID-1ntg-3yvw-bkcx", "summary": "sc_context_create in ctx.c in libopensc in OpenSC 0.19.0 has a memory leak, as demonstrated by a call from eidenv.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6502.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6502.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41893", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41863", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.4192", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41885", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41939", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41949", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-6502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6502" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668933", "reference_id": "1668933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668933" }, { "reference_url": "https://security.archlinux.org/ASA-202003-2", "reference_id": "ASA-202003-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202003-2" }, { "reference_url": "https://security.archlinux.org/AVG-1106", "reference_id": "AVG-1106", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1106" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510129?format=api", "purl": "pkg:deb/debian/opensc@0.21.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.21.0-1" } ], "aliases": [ "CVE-2019-6502" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ntg-3yvw-bkcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89152?format=api", "vulnerability_id": "VCID-1uky-s3fj-vkdp", "summary": "libopensc: pkcs15init: Usage of uninitialized values in libopensc and pkcs15init", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45615.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45615.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25637", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25736", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25689", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.2563", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25745", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45615", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45615" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082859", "reference_id": "1082859", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082859" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309285", "reference_id": "2309285", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:31:03Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309285" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45615", "reference_id": "CVE-2024-45615", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:31:03Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45615" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" }, { "reference_url": "https://usn.ubuntu.com/7346-3/", "reference_id": "USN-7346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2024-45615" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1uky-s3fj-vkdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96896?format=api", "vulnerability_id": "VCID-378j-fxjw-xkdg", "summary": "A heap use after free issue was found in Opensc before version 0.22.0 in sc_file_valid.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42779.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42779.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24504", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24606", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24596", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24541", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24482", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24491", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42779" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42779" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016086", "reference_id": "2016086", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016086" }, { "reference_url": "https://security.gentoo.org/glsa/202209-03", "reference_id": "GLSA-202209-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2021-42779" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-378j-fxjw-xkdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96890?format=api", "vulnerability_id": "VCID-5rmc-bsxk-5ydm", "summary": "OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20792.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37225", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37316", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37322", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37289", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37251", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00165", "scoring_system": "epss", "scoring_elements": "0.37265", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20792" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837946", "reference_id": "1837946", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4483", "reference_id": "RHSA-2020:4483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4483" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510129?format=api", "purl": "pkg:deb/debian/opensc@0.21.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.21.0-1" } ], "aliases": [ "CVE-2019-20792" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5rmc-bsxk-5ydm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96872?format=api", "vulnerability_id": "VCID-6ewg-mbcj-bufw", "summary": "Several buffer overflows when handling responses from a Muscle Card in muscle_list_files in libopensc/card-muscle.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16391.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16391.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16391", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32125", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32197", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32165", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32127", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32096", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32119", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16391" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16391", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16391" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627998", "reference_id": "1627998", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627998" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2154", "reference_id": "RHSA-2019:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16391" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ewg-mbcj-bufw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89153?format=api", "vulnerability_id": "VCID-6w46-ydxr-2ug7", "summary": "libopensc: Uninitialized values after incorrect or missing checking return values of functions in libopensc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45617.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45617.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45617", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34542", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34594", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34557", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34523", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00145", "scoring_system": "epss", "scoring_elements": "0.34577", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45617" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45617" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082861", "reference_id": "1082861", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082861" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309286", "reference_id": "2309286", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:29:27Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309286" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45617", "reference_id": "CVE-2024-45617", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:29:27Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45617" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" }, { "reference_url": "https://usn.ubuntu.com/7346-3/", "reference_id": "USN-7346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2024-45617" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6w46-ydxr-2ug7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89098?format=api", "vulnerability_id": "VCID-7mh2-r1zf-yufu", "summary": "libopensc: Heap buffer overflow in OpenPGP driver when generating key", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8443.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8443.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.4117", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41221", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.4119", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.4116", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41217", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8443" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082853", "reference_id": "1082853", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082853" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310494", "reference_id": "2310494", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-10T14:47:31Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310494" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-8443", "reference_id": "CVE-2024-8443", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-10T14:47:31Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-8443" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" }, { "reference_url": "https://usn.ubuntu.com/7346-3/", "reference_id": "USN-7346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2024-8443" ], "risk_score": 1.3, "exploitability": "0.5", "weighted_severity": "2.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7mh2-r1zf-yufu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96886?format=api", "vulnerability_id": "VCID-7xnd-jzt9-zyck", "summary": "OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15946.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15946.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15946", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25864", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25862", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25914", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25857", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25966", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25959", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15946" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15946", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15946" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765229", "reference_id": "1765229", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765229" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939669", "reference_id": "939669", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939669" }, { "reference_url": "https://security.archlinux.org/ASA-202003-2", "reference_id": "ASA-202003-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202003-2" }, { "reference_url": "https://security.archlinux.org/AVG-1106", "reference_id": "AVG-1106", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4483", "reference_id": "RHSA-2020:4483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4483" }, { "reference_url": "https://usn.ubuntu.com/USN-5281-1/", "reference_id": "USN-USN-5281-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5281-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510129?format=api", "purl": "pkg:deb/debian/opensc@0.21.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.21.0-1" } ], "aliases": [ "CVE-2019-15946" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xnd-jzt9-zyck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96085?format=api", "vulnerability_id": "VCID-af45-6ubg-puef", "summary": "opensc: buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2977.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-2977.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2977", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08179", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08217", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.0823", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08209", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08158", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-2977" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2977", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2977" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037021", "reference_id": "1037021", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211088", "reference_id": "2211088", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:54:22Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2211088" }, { "reference_url": "https://github.com/OpenSC/OpenSC/issues/2785", "reference_id": "2785", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:54:22Z/" } ], "url": "https://github.com/OpenSC/OpenSC/issues/2785" }, { "reference_url": "https://github.com/OpenSC/OpenSC/pull/2787", "reference_id": "2787", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:54:22Z/" } ], "url": "https://github.com/OpenSC/OpenSC/pull/2787" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-2977", "reference_id": "CVE-2023-2977", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:54:22Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-2977" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJD4Q4AJSGE5UIJI7OUYZY4HGGCVYQNI/", "reference_id": "FJD4Q4AJSGE5UIJI7OUYZY4HGGCVYQNI", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:54:22Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FJD4Q4AJSGE5UIJI7OUYZY4HGGCVYQNI/" }, { "reference_url": "https://security.gentoo.org/glsa/202412-15", "reference_id": "GLSA-202412-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-15" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAR54OV6EHA56B4XJF6RNPQ4HJ2ITU66/", "reference_id": "LAR54OV6EHA56B4XJF6RNPQ4HJ2ITU66", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:54:22Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LAR54OV6EHA56B4XJF6RNPQ4HJ2ITU66/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-09T17:54:22Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00025.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6587", "reference_id": "RHSA-2023:6587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7160", "reference_id": "RHSA-2023:7160", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7160" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" }, { "reference_url": "https://usn.ubuntu.com/7346-3/", "reference_id": "USN-7346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2023-2977" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-af45-6ubg-puef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96876?format=api", "vulnerability_id": "VCID-akqy-dq8k-6bbw", "summary": "Several buffer overflows when handling responses from a Cryptoflex card in read_public_key in tools/cryptoflex-tool.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38985", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39073", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39078", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39048", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39021", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39033", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16419" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16419" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628013", "reference_id": "1628013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628013" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2154", "reference_id": "RHSA-2019:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16419" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akqy-dq8k-6bbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89159?format=api", "vulnerability_id": "VCID-amex-6ywq-8fde", "summary": "libopensc: Uninitialized values after incorrect check or usage of APDU response values in libopensc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45616.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45616.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25637", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25736", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25689", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.2563", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25745", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45616" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082860", "reference_id": "1082860", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082860" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309290", "reference_id": "2309290", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:30:13Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309290" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45616", "reference_id": "CVE-2024-45616", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:30:13Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45616" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" }, { "reference_url": "https://usn.ubuntu.com/7346-3/", "reference_id": "USN-7346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2024-45616" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-amex-6ywq-8fde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96892?format=api", "vulnerability_id": "VCID-b4cy-gqkv-pufk", "summary": "The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26570.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26570.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26570", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16168", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16139", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16199", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16115", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16251", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16241", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26570" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26570" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885947", "reference_id": "1885947", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885947" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972037", "reference_id": "972037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972037" }, { "reference_url": "https://security.archlinux.org/ASA-202011-27", "reference_id": "ASA-202011-27", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-27" }, { "reference_url": "https://security.archlinux.org/AVG-1298", "reference_id": "AVG-1298", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1600", "reference_id": "RHSA-2021:1600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1600" }, { "reference_url": "https://usn.ubuntu.com/USN-5281-1/", "reference_id": "USN-USN-5281-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5281-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510129?format=api", "purl": "pkg:deb/debian/opensc@0.21.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.21.0-1" } ], "aliases": [ "CVE-2020-26570" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b4cy-gqkv-pufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96878?format=api", "vulnerability_id": "VCID-curn-m1g5-qbf7", "summary": "Several buffer overflows when handling responses from a CAC Card in cac_get_serial_nr_from_CUID in libopensc/card-cac.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16421.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16421.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38985", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39073", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39078", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39048", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39021", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39033", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16421" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628034", "reference_id": "1628034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628034" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2154", "reference_id": "RHSA-2019:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16421" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-curn-m1g5-qbf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96873?format=api", "vulnerability_id": "VCID-d3j3-fuvu-rkb8", "summary": "Several buffer overflows when handling responses from a TCOS Card in tcos_select_file in libopensc/card-tcos.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16392.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16392.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16392", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34394", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34491", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34508", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34472", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34429", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34449", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16392" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16392" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628002", "reference_id": "1628002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628002" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2154", "reference_id": "RHSA-2019:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16392" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3j3-fuvu-rkb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96882?format=api", "vulnerability_id": "VCID-du88-kck1-n7ab", "summary": "A double free when handling responses from an HSM Card in sc_pkcs15emu_sc_hsm_init in libopensc/pkcs15-sc-hsm.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16425.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16425.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16425", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41186", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41263", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41266", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41236", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41205", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41216", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16425" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16425", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16425" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628023", "reference_id": "1628023", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628023" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16425" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-du88-kck1-n7ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96875?format=api", "vulnerability_id": "VCID-dw55-499j-yub1", "summary": "A buffer overflow when handling string concatenation in util_acl_to_str in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16418.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38985", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39073", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39078", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39048", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39021", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39033", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16418" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628010", "reference_id": "1628010", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628010" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2154", "reference_id": "RHSA-2019:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16418" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dw55-499j-yub1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96887?format=api", "vulnerability_id": "VCID-edw5-sxju-g7ca", "summary": "An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-setcos.c has an incorrect read operation during parsing of a SETCOS file attribute.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19479.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19479.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26369", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26365", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26463", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26421", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26473", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19479" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19479", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19479" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782519", "reference_id": "1782519", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782519" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947383", "reference_id": "947383", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947383" }, { "reference_url": "https://security.archlinux.org/ASA-202003-2", "reference_id": "ASA-202003-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202003-2" }, { "reference_url": "https://security.archlinux.org/AVG-1106", "reference_id": "AVG-1106", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4483", "reference_id": "RHSA-2020:4483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4483" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510129?format=api", "purl": "pkg:deb/debian/opensc@0.21.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.21.0-1" } ], "aliases": [ "CVE-2019-19479" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-edw5-sxju-g7ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96885?format=api", "vulnerability_id": "VCID-g4fp-v7w7-3fdd", "summary": "OpenSC before 0.20.0-rc1 has an out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15945.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15945.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15945", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29523", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29502", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29521", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29488", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29592", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29554", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15945" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765222", "reference_id": "1765222", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765222" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939668", "reference_id": "939668", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939668" }, { "reference_url": "https://security.archlinux.org/ASA-202003-2", "reference_id": "ASA-202003-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202003-2" }, { "reference_url": "https://security.archlinux.org/AVG-1106", "reference_id": "AVG-1106", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4483", "reference_id": "RHSA-2020:4483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4483" }, { "reference_url": "https://usn.ubuntu.com/USN-5281-1/", "reference_id": "USN-USN-5281-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5281-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510129?format=api", "purl": "pkg:deb/debian/opensc@0.21.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.21.0-1" } ], "aliases": [ "CVE-2019-15945" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4fp-v7w7-3fdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96880?format=api", "vulnerability_id": "VCID-hf4y-ryss-63gp", "summary": "A double free when handling responses from a smartcard in sc_file_set_sec_attr in libopensc/sc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16423.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16423.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16423", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41186", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41263", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41266", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41236", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41205", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41216", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16423" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16423" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628020", "reference_id": "1628020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628020" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2154", "reference_id": "RHSA-2019:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16423" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hf4y-ryss-63gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94673?format=api", "vulnerability_id": "VCID-hm2s-hbb9-hygm", "summary": "opensc: Stack overflow vulnerability in OpenSC smart card middleware", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34193.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71302", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71291", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71295", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71251", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71282", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71267", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235485", "reference_id": "2235485", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235485" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2021-34193" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hm2s-hbb9-hygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96881?format=api", "vulnerability_id": "VCID-j553-49cp-sqea", "summary": "A double free when handling responses in read_file in tools/egk-tool.c (aka the eGK card tool) in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16424.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41186", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41263", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41266", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41236", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41205", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00194", "scoring_system": "epss", "scoring_elements": "0.41216", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16424" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16424", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16424" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628040", "reference_id": "1628040", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628040" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16424" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j553-49cp-sqea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89155?format=api", "vulnerability_id": "VCID-jvu2-utc5-nybe", "summary": "libopensc: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.2996", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30004", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29975", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.29947", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00116", "scoring_system": "epss", "scoring_elements": "0.30041", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082862", "reference_id": "1082862", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082862" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309287", "reference_id": "2309287", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:28:34Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309287" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45618", "reference_id": "CVE-2024-45618", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:28:34Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45618" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" }, { "reference_url": "https://usn.ubuntu.com/7346-3/", "reference_id": "USN-7346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2024-45618" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvu2-utc5-nybe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93647?format=api", "vulnerability_id": "VCID-kj31-cnpv-rydk", "summary": "OpenSC: multiple memory issues with pkcs15-init (enrollment tool)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40661.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53136", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53144", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53123", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53124", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53099", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40661" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055522", "reference_id": "1055522", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055522" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240913", "reference_id": "2240913", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240913" }, { "reference_url": "https://security.gentoo.org/glsa/202412-15", "reference_id": "GLSA-202412-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7876", "reference_id": "RHSA-2023:7876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7879", "reference_id": "RHSA-2023:7879", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7879" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" }, { "reference_url": "https://usn.ubuntu.com/7346-3/", "reference_id": "USN-7346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2023-40661" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "4.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kj31-cnpv-rydk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96895?format=api", "vulnerability_id": "VCID-kv9n-d1k9-t3ak", "summary": "A heap double free issue was found in Opensc before version 0.22.0 in sc_pkcs15_free_tokeninfo.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.31991", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32064", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32032", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.31995", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.31964", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.31987", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42778" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42778", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42778" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016083", "reference_id": "2016083", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016083" }, { "reference_url": "https://security.gentoo.org/glsa/202209-03", "reference_id": "GLSA-202209-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2021-42778" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kv9n-d1k9-t3ak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96894?format=api", "vulnerability_id": "VCID-m8ug-a2vg-v3ax", "summary": "The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26572.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26572.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26572", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16168", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16139", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16199", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16115", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16251", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16241", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26572" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26572" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885954", "reference_id": "1885954", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885954" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972035", "reference_id": "972035", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972035" }, { "reference_url": "https://security.archlinux.org/ASA-202011-27", "reference_id": "ASA-202011-27", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-27" }, { "reference_url": "https://security.archlinux.org/AVG-1298", "reference_id": "AVG-1298", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1600", "reference_id": "RHSA-2021:1600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1600" }, { "reference_url": "https://usn.ubuntu.com/USN-5281-1/", "reference_id": "USN-USN-5281-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5281-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510129?format=api", "purl": "pkg:deb/debian/opensc@0.21.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.21.0-1" } ], "aliases": [ "CVE-2020-26572" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m8ug-a2vg-v3ax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96889?format=api", "vulnerability_id": "VCID-mvem-x9s6-hufb", "summary": "An issue was discovered in OpenSC through 0.19.0 and 0.20.x through 0.20.0-rc3. libopensc/card-cac1.c mishandles buffer limits for CAC certificates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19481.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19481.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.3095", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30938", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30949", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30917", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.31016", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00123", "scoring_system": "epss", "scoring_elements": "0.30984", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19481" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19481", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19481" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782955", "reference_id": "1782955", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782955" }, { "reference_url": "https://security.archlinux.org/ASA-202003-2", "reference_id": "ASA-202003-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202003-2" }, { "reference_url": "https://security.archlinux.org/AVG-1106", "reference_id": "AVG-1106", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4483", "reference_id": "RHSA-2020:4483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4483" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2019-19481" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mvem-x9s6-hufb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96883?format=api", "vulnerability_id": "VCID-nabq-c1j7-xka4", "summary": "Endless recursion when handling responses from an IAS-ECC card in iasecc_select_file in libopensc/card-iasecc.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to hang or crash the opensc library using programs.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16426.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16426.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16426", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42486", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42559", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.4257", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42543", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42508", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42517", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16426", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16426" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628044", "reference_id": "1628044", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628044" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2154", "reference_id": "RHSA-2019:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16426" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nabq-c1j7-xka4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96879?format=api", "vulnerability_id": "VCID-ncpj-rv8r-27h6", "summary": "A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16422.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16422.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38985", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39073", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39078", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39048", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39021", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39033", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16422" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628016", "reference_id": "1628016", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628016" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2154", "reference_id": "RHSA-2019:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16422" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ncpj-rv8r-27h6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96884?format=api", "vulnerability_id": "VCID-ng4z-u29b-2ye1", "summary": "Various out of bounds reads when handling responses in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to potentially crash the opensc library using programs.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16427.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16427.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16427", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42486", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42559", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.4257", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42543", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42508", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00204", "scoring_system": "epss", "scoring_elements": "0.42517", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16427" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16427" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628052", "reference_id": "1628052", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628052" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2154", "reference_id": "RHSA-2019:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16427" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ng4z-u29b-2ye1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91878?format=api", "vulnerability_id": "VCID-q5v3-c9wz-4fdq", "summary": "OpenSC: Side-channel leaks while stripping encryption PKCS#1 padding", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5992.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-5992.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5992", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49364", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49389", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49399", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49382", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00257", "scoring_system": "epss", "scoring_elements": "0.49352", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-5992" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5992", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5992" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064189", "reference_id": "1064189", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064189" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248685", "reference_id": "2248685", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T13:54:54Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248685" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2023-5992", "reference_id": "CVE-2023-5992", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T13:54:54Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2023-5992" }, { "reference_url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992", "reference_id": "CVE-2023-5992", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T13:54:54Z/" } ], "url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0966", "reference_id": "RHSA-2024:0966", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T13:54:54Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0966" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0967", "reference_id": "RHSA-2024:0967", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T13:54:54Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:0967" }, { "reference_url": "https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf", "reference_id": "usenixsecurity24-shagam.pdf", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-02T13:54:54Z/" } ], "url": "https://www.usenix.org/system/files/usenixsecurity24-shagam.pdf" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2023-5992" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q5v3-c9wz-4fdq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96899?format=api", "vulnerability_id": "VCID-qkmy-wwdp-y7fg", "summary": "Stack buffer overflow issues were found in Opensc before version 0.22.0 in various places that could potentially crash programs using the library.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42782.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42782.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30356", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3043", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30397", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30368", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30337", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30352", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42782" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42782", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42782" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016448", "reference_id": "2016448", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016448" }, { "reference_url": "https://security.gentoo.org/glsa/202209-03", "reference_id": "GLSA-202209-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-03" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" }, { "reference_url": "https://usn.ubuntu.com/7346-3/", "reference_id": "USN-7346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2021-42782" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qkmy-wwdp-y7fg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96893?format=api", "vulnerability_id": "VCID-swss-5s18-ryha", "summary": "The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26571.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26571.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26571", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1341", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13406", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13455", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13375", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13489", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13495", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-26571" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26571", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26571" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885950", "reference_id": "1885950", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885950" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972036", "reference_id": "972036", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972036" }, { "reference_url": "https://security.archlinux.org/ASA-202011-27", "reference_id": "ASA-202011-27", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202011-27" }, { "reference_url": "https://security.archlinux.org/AVG-1298", "reference_id": "AVG-1298", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1600", "reference_id": "RHSA-2021:1600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1600" }, { "reference_url": "https://usn.ubuntu.com/USN-5281-1/", "reference_id": "USN-USN-5281-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5281-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510129?format=api", "purl": "pkg:deb/debian/opensc@0.21.0-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.21.0-1" } ], "aliases": [ "CVE-2020-26571" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-swss-5s18-ryha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96874?format=api", "vulnerability_id": "VCID-sxq9-81w1-yqbu", "summary": "Several buffer overflows when handling responses from a Gemsafe V1 Smartcard in gemsafe_get_cert_len in libopensc/pkcs15-gemsafeV1.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16393.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16393.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34394", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34491", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34508", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34472", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34429", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34449", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16393" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16393" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628006", "reference_id": "1628006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628006" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2154", "reference_id": "RHSA-2019:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16393" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sxq9-81w1-yqbu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96877?format=api", "vulnerability_id": "VCID-tv1q-daj9-fqg5", "summary": "Several buffer overflows when handling responses from an ePass 2003 Card in decrypt_response in libopensc/card-epass2003.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16420.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16420.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16420", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.38985", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39073", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39078", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39048", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39021", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00177", "scoring_system": "epss", "scoring_elements": "0.39033", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16420" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16420", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16420" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628026", "reference_id": "1628026", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628026" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444", "reference_id": "909444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2154", "reference_id": "RHSA-2019:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2154" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517332?format=api", "purl": "pkg:deb/debian/opensc@0.19.0-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18ud-hwu9-sfcy" }, { "vulnerability": "VCID-1ntg-3yvw-bkcx" }, { "vulnerability": "VCID-1uky-s3fj-vkdp" }, { "vulnerability": "VCID-378j-fxjw-xkdg" }, { "vulnerability": "VCID-5rmc-bsxk-5ydm" }, { "vulnerability": "VCID-6w46-ydxr-2ug7" }, { "vulnerability": "VCID-7mh2-r1zf-yufu" }, { "vulnerability": "VCID-7xnd-jzt9-zyck" }, { "vulnerability": "VCID-af45-6ubg-puef" }, { "vulnerability": "VCID-amex-6ywq-8fde" }, { "vulnerability": "VCID-b4cy-gqkv-pufk" }, { "vulnerability": "VCID-edw5-sxju-g7ca" }, { "vulnerability": "VCID-g4fp-v7w7-3fdd" }, { "vulnerability": "VCID-hm2s-hbb9-hygm" }, { "vulnerability": "VCID-jvu2-utc5-nybe" }, { "vulnerability": "VCID-kj31-cnpv-rydk" }, { "vulnerability": "VCID-kv9n-d1k9-t3ak" }, { "vulnerability": "VCID-m8ug-a2vg-v3ax" }, { "vulnerability": "VCID-q5v3-c9wz-4fdq" }, { "vulnerability": "VCID-qkmy-wwdp-y7fg" }, { "vulnerability": "VCID-swss-5s18-ryha" }, { "vulnerability": "VCID-xtuj-9bfq-fqer" }, { "vulnerability": "VCID-xvva-rx25-cbe5" }, { "vulnerability": "VCID-z7un-823q-4yg8" }, { "vulnerability": "VCID-znf1-yeby-fbc5" }, { "vulnerability": "VCID-zscu-rphw-cqab" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.19.0-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16420" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tv1q-daj9-fqg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89158?format=api", "vulnerability_id": "VCID-xtuj-9bfq-fqer", "summary": "libopensc: Incorrect handling of the length of buffers or files in pkcs15init", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45620.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45620.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25153", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2525", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.252", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25143", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25267", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45620" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082864", "reference_id": "1082864", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309289", "reference_id": "2309289", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:33:24Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309289" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45620", "reference_id": "CVE-2024-45620", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:33:24Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45620" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" }, { "reference_url": "https://usn.ubuntu.com/7346-3/", "reference_id": "USN-7346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2024-45620" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xtuj-9bfq-fqer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91273?format=api", "vulnerability_id": "VCID-xvva-rx25-cbe5", "summary": "opensc: Memory use after free in AuthentIC driver when updating token info", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1454.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1454.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1454", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2373", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23843", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23828", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23778", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23725", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1454" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1454", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1454" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263929", "reference_id": "2263929", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-13T16:49:06Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263929" }, { "reference_url": "https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9", "reference_id": "5835f0d4f6c033bd58806d33fa546908d39825c9", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-13T16:49:06Z/" } ], "url": "https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1454", "reference_id": "CVE-2024-1454", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-13T16:49:06Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1454" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2024-1454" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xvva-rx25-cbe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96897?format=api", "vulnerability_id": "VCID-z7un-823q-4yg8", "summary": "A use after return issue was found in Opensc before version 0.22.0 in insert_pin function that could potentially crash programs using the library.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42780.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42780.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24504", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24606", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24596", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24541", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24482", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24491", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42780" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42780" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139", "reference_id": "2016139", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016139" }, { "reference_url": "https://security.gentoo.org/glsa/202209-03", "reference_id": "GLSA-202209-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-03" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" }, { "reference_url": "https://usn.ubuntu.com/7346-3/", "reference_id": "USN-7346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2021-42780" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7un-823q-4yg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/89156?format=api", "vulnerability_id": "VCID-znf1-yeby-fbc5", "summary": "libopensc: Incorrect handling length of buffers or files in libopensc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45619.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45619.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45619", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25153", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2525", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.252", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25143", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25267", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45619" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45619", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45619" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082863", "reference_id": "1082863", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1082863" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309288", "reference_id": "2309288", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:33:55Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309288" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-45619", "reference_id": "CVE-2024-45619", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-04T13:33:55Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-45619" }, { "reference_url": "https://usn.ubuntu.com/7346-1/", "reference_id": "USN-7346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7346-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2024-45619" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-znf1-yeby-fbc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96898?format=api", "vulnerability_id": "VCID-zscu-rphw-cqab", "summary": "Heap buffer overflow issues were found in Opensc before version 0.22.0 in pkcs15-oberthur.c that could potentially crash programs using the library.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30356", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.3043", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30397", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30368", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30337", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30352", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42781" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42781", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42781" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016439", "reference_id": "2016439", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016439" }, { "reference_url": "https://security.gentoo.org/glsa/202209-03", "reference_id": "GLSA-202209-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510130?format=api", "purl": "pkg:deb/debian/opensc@0.23.0-0.3%2Bdeb12u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4pkz-ygry-u7fv" }, { "vulnerability": "VCID-f1de-vrwk-jyad" }, { "vulnerability": "VCID-naxv-mw94-5yfr" }, { "vulnerability": "VCID-rzzp-cdfb-d3hr" }, { "vulnerability": "VCID-zapv-zdue-b3ft" }, { "vulnerability": "VCID-zgp2-553n-73b8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.23.0-0.3%252Bdeb12u2" } ], "aliases": [ "CVE-2021-42781" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zscu-rphw-cqab" } ], "fixing_vulnerabilities": [], "risk_score": "3.2", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/opensc@0.16.0-3%252Bdeb9u1" }