Common Vulnerabilities and Exposures (CVE)

CVE-2024-45620

Jul 5, 2025 10:59:10 UTC

A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, i...

CVE-2024-45619

Jul 5, 2025 10:58:44 UTC

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are pa...

CVE-2024-45618

Jul 5, 2025 10:58:29 UTC

A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of ...

CVE-2024-45617

Jul 5, 2025 10:58:20 UTC

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or m...

CVE-2024-45616

Jul 5, 2025 10:58:03 UTC

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following pro...

CVE-2024-45615

Jul 5, 2025 10:56:34 UTC

A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.).

CVE-2025-3360

Jul 5, 2025 10:39:05 UTC

A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.

CVE-2024-8443

Jul 5, 2025 09:43:58 UTC

A heap-based buffer overflow vulnerability was found in the libopensc OpenPGP driver. A crafted USB device or smart card with malicious responses to the APDUs during the card enrollment process using the `pkcs15-init` tool may lead to out-o...

CVE-2024-49395

Jul 5, 2025 09:22:59 UTC

In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info.

CVE-2024-5742

Jul 5, 2025 09:21:35 UTC

A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a ...

CVE-2025-7074

Jul 5, 2025 09:02:05 UTC

A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expressio...

CVE-2024-45782

Jul 5, 2025 07:25:33 UTC

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grub_fs_mount(), the HFS filesystem driver performs a strcpy() using the user-provided volume name as input without properly validating the volume name's length. T...

CVE-2024-45780

Jul 5, 2025 07:25:15 UTC

A flaw was found in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It's possible to cause the allocation length to...

CVE-2024-45779

Jul 5, 2025 07:24:59 UTC

An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an ...

CVE-2024-45778

Jul 5, 2025 07:24:38 UTC

A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.