Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
opencryptoki project opencryptoki vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-0914
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
Opencryptoki Project Opencryptoki
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
NA
CVE-2021-3798
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid...
Opencryptoki Project Opencryptoki
2.9
CVSSv2
CVE-2012-4454
openCryptoki prior to 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.
Opencryptoki Project Opencryptoki 2.3.3
Opencryptoki Project Opencryptoki 2.2.7
Opencryptoki Project Opencryptoki 2.2.4
Opencryptoki Project Opencryptoki 2.2.3
Opencryptoki Project Opencryptoki 2.2.8
Opencryptoki Project Opencryptoki 2.2.5
Opencryptoki Project Opencryptoki 2.3.1
Opencryptoki Project Opencryptoki
Opencryptoki Project Opencryptoki 2.2.4.1
Opencryptoki Project Opencryptoki 2.3.2
Opencryptoki Project Opencryptoki 2.3.0
Opencryptoki Project Opencryptoki 2.2.6
6.2
CVSSv2
CVE-2012-4455
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.
Opencryptoki Project Opencryptoki 2.4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started