Opencryptoki_project Opencryptoki
7 CVEs affecting Opencryptoki_project Opencryptoki. Latest disclosed: 2026-04-16. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-40253 | Medium | 6.8 | 2026-04-16 | openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common lib… |
CVE-2026-23893 | Medium | 6.8 | 2026-01-22 | openCryptoki is a PKCS#11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileg… |
CVE-2026-22791 | Medium | 6.6 | 2026-01-13 | openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP… |
CVE-2024-0914 | Medium | 5.9 | 2024-01-31 | A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potent… |
CVE-2021-3798 | Medium | 5.5 | 2022-08-23 | A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_Der… |
CVE-2012-4455 | | 2012-10-10 | openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) L… | |
CVE-2012-4454 | | 2012-10-10 | openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the… |