Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Opencryptoki Project Subscribe
Filtered by product Opencryptoki
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-4454 1 Opencryptoki Project 1 Opencryptoki 2023-02-12 2.9 LOW N/A
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.
CVE-2012-4455 1 Opencryptoki Project 1 Opencryptoki 2023-02-12 6.2 MEDIUM N/A
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.
CVE-2021-3798 1 Opencryptoki Project 1 Opencryptoki 2023-02-12 N/A 5.5 MEDIUM
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.