Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-0914 | 2 Opencryptoki Project, Redhat | 2 Opencryptoki, Enterprise Linux | 2024-11-21 | N/A | 5.9 MEDIUM |
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. | |||||
CVE-2021-3798 | 1 Opencryptoki Project | 1 Opencryptoki | 2024-11-21 | N/A | 5.5 MEDIUM |
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack. | |||||
CVE-2012-4455 | 1 Opencryptoki Project | 1 Opencryptoki | 2024-11-21 | 6.2 MEDIUM | N/A |
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/. | |||||
CVE-2012-4454 | 1 Opencryptoki Project | 1 Opencryptoki | 2024-11-21 | 2.9 LOW | N/A |
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp. |