Download
| Alert*
oval:org.secpod.oval:def:505971
pki-symkey is installed oval:org.secpod.oval:def:1505656 jss [4.9.3-1] - Rebase to JSS 4.9.3 - Bug 2046022 - CVE-2021-4213 pki-core:10.6/jss: memory leak in TLS connection leads to OOM [rhel-8] [4.9.2-1] - Rebase to JSS 4.9.2 ldapjdk [4.23.0-1] - Rebase to LDAP SDK 4.23.0 [4.23.0-0.1] - Rebase to LDAP SDK 4.23.0-alpha1 pki-core [10.12.0-2.0.1] - Remove up ... oval:org.secpod.oval:def:507257 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * pki-core: access to external entities when parsing XML can lead to XXE For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other ... oval:org.secpod.oval:def:73634 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * pki-server: Dogtag installer pkispawn logs admin credentials into a world-readable log file The PKI installer pkispawn logs admin credentials into a world-readable log file. It ... oval:org.secpod.oval:def:2500381 The Public Key Infrastructure Core contains fundamental packages required by AlmaLinux Certificate System. oval:org.secpod.oval:def:4500039 The Public Key Infrastructure Core contains fundamental packages required by Rocky Linux Certificate System. The PKI installer pkispawn logs admin credentials into a world-readable log file. It also looks like the installer is passing the password as an insecure command line argument. The credentia ... oval:org.secpod.oval:def:1504946 pki-core [10.10.5-3.0.1] - Remove upstream reference. [10.10.5-3] - Bug 1960146 - CVE-2021-3551 Dogtag installer pkispawn logs admin credentials into a world-readable log file oval:org.secpod.oval:def:507426 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * pki-core: access to external entities when parsing XML can lead to XXE For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other ... oval:org.secpod.oval:def:507223 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field For more details about the security issue ... oval:org.secpod.oval:def:5800067 The Public Key Infrastructure Core contains fundamental packages required by Rocky Enterprise Software Foundation Certificate System. Security Fix: * pki-core: access to external entities when parsing XML can lead to XXE For more details about the security issue, including the impact, a CVSS score ... oval:org.secpod.oval:def:2600103 The Public Key Infrastructure Core contains fundamental packages required by AlmaLinux Certificate System. oval:org.secpod.oval:def:1701277 Access to external entities when parsing XML documents can lead to XML external entity attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests oval:org.secpod.oval:def:2500502 The Public Key Infrastructure Core contains fundamental packages required by AlmaLinux Certificate System. oval:org.secpod.oval:def:73606 The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class For more details about the security issue, including the impact, a CVSS score, acknowledgm ... oval:org.secpod.oval:def:1505209 apache-commons-collections jss [4.8.1-2] - Bug 1932803 - HSM + FIPS: CMCRequest with a shared secret resulting in error [4.8.1-1] - Rebase to upstream JSS v4.8.1 - Red Hat Bugilla #1908541 - jss broke SCEP - missing PasswordChallenge class - Red Hat Bugilla #1489256 - [RFE] jss should support RSA wi ... oval:org.secpod.oval:def:1505303 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1701854 A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be a ... oval:org.secpod.oval:def:1505309 The advisory is missing the security advisory description. For more information please visit the reference link |