The host is installed with Visual Studio code before 1.66.2 and is prone to a elevation of privilege vulnerability. A flaw is present in the application, which fails to properly handle unspecified vectors. Successful exploitation allows attackers to cause unspecified impact.
[10.5.18-23] # RHEL 7.9 : Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external entities when parsing XML can lead to XXE [rhel-7.9.z] - Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field [rhel-7.9] - ############################################################# ...
The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the C ...
The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Security Fix: * pki-core: When using the caServerKeygen_DirUserCert profile, user can get certificates for other UIDs by entering name in Subject field For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the C ...
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a pa ...