302 matches found

CNNVD
added 2024/12/18 12:0 a.m. · 2 views

FORT Validator security vulnerability

FORT Validator is a NICMx open source RPKI relying party and RTR server. A security vulnerability exists in FORT Validator versions 1.6.4 through 2.0.0 that stems from the inclusion of an integrity validation issue...

5.3 CVSS · 6.5 AI score · 0.00199 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/12/18 12:0 a.m. · 6 views

PT-2024-36728 · Fort +1

Name of the Vulnerable Software and Affected Versions: Fort versions 1.6.4 and earlier, up to but not including 2.0.0 Description: A validation integrity issue was discovered in the product. RPKI Relying Parties, such as Fort, are supposed to maintain a backup cache of the remote RPKI data, which...

5.3 CVSS · 7.1 AI score · 0.00175 EPSS
Exploits 0 · References 15
CNNVD
added 2024/12/18 12:0 a.m. · 4 views

FORT Validator security vulnerability

FORT Validator is a NICMx open source RPKI relying party and RTR server. A security vulnerability exists in FORT Validator version 1.6.4 and earlier, which stems from a validation integrity issue that could lead to incomplete routing origin validation data...

5.3 CVSS · 6.3 AI score · 0.00175 EPSS
Exploits 0 · References 2
Ubuntu
added 2024/12/10 8:54 a.m. · 29 views

USN-7146-1: Dogtag PKI vulnerabilities

Christina Fu discovered that Dogtag PKI accidentally enabled a mock authentication plugin by default. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. This issue only affected Ubuntu 16.04 LTS. CVE-2017-753...

7.5 CVSS · 7.1 AI score · 0.85323 EPSS
Exploits 5
AlpineLinux
added 2024/12/06 12:15 a.m. · 2 views

CVE-2024-6219

Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured...

3.8 CVSS · 7.1 AI score · 0.00156 EPSS
Exploits 1 · References 2
CNNVD
added 2024/12/05 12:0 a.m. · 3 views

LXD security vulnerability

LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD versions prior to 5.21.2 that stems from the ability to bypass PKI mode if a client's certificate exists in a trust store...

3.8 CVSS · 6.3 AI score · 0.00158 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/12/02 12:0 a.m. · 5 views

PT-2024-37418

Name of the Vulnerable Software and Affected Versions: LXD versions 4.0 through 5.21.1 Description: A security issue was discovered in LXD's PKI mode, where a client's certificate could be used to bypass authentication if the certificate is present in the trust store, even if it is not signed by ...

8.1 CVSS · 7.6 AI score · 0.03001 EPSS
Exploits 3 · References 44
Positive Technologies
added 2024/12/02 12:0 a.m. · 4 views

PT-2024-37461

Name of the Vulnerable Software and Affected Versions: LXD versions prior to 5.21.1 Description: A restricted certificate could be added to the trust store with its restrictions not honoured in LXD's PKI mode. This occurs when the core.trust_ca_certificates configuration option is disabled, causi...

8.1 CVSS · 7.6 AI score · 0.03001 EPSS
Exploits 3 · References 40
Tenable Nessus
added 2024/11/07 12:0 a.m. · 11 views

RHEL 8 : pki-deps:10.6 (RHSA-2024:8567)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8567 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: tomcat: Denial of Servic...

8.6 CVSS · 8.1 AI score · 0.01702 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2024/11/07 12:0 a.m. · 15 views

RHEL 8 : pki-deps:10.6 (RHSA-2024:8497)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8497 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: tomcat: Denial of Servic...

8.6 CVSS · 8.1 AI score · 0.01702 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2024/11/07 12:0 a.m. · 12 views

RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2024:8543)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8543 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: tomcat: Denial of Servic...

8.6 CVSS · 8.1 AI score · 0.01702 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2024/11/05 12:0 a.m. · 9 views

RHEL 5 : Red Hat Certificate System 8 (RHSA-2017:2560)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2560 advisory. Red Hat Certificate System is a complete implementation of an enterprise software system designed to manage enterprise public key infrastructure (PKI)...

6.5 CVSS · 5.9 AI score · 0.00735 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2024/11/05 12:0 a.m. · 12 views

RHEL 7 : Red Hat Certificate System (RHSA-2021:0948)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0948 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: pki-core: store...

6.1 CVSS · 5.4 AI score · 0.00961 EPSS
Exploits 0 · References 9
BDU FSTEC
added 2024/10/31 12:0 a.m. · 12 views

The vulnerability of the PKIAuthenticationPlugin plugin for the Apache Solr search server allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the PKIAuthenticationPlugin plugin for the Apache Solr search server is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and availability of the protected...

10 CVSS · 5.8 AI score · 0.90709 EPSS
Exploits 1 · References 5 · Affected Software 1
RedHat Linux
added 2024/10/29 12:7 p.m. · 17 views

Important: Red Hat Security Advisory: pki-deps:10.6 security update

An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating,...

8.6 CVSS · 7.2 AI score · 0.01702 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2024/09/13 12:0 a.m. · 5 views

The vulnerability in implementations of ASN.1/DER, PKIX, Kerberos Heimdal, and the Samba network communication software package, related to repeated memory release, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerabilities of ASN.1/DER, PKIX, Kerberos Heimdal, and the Samba networking software package are related to repeated memory release. Exploiting these vulnerabilities can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

10 CVSS · 6.4 AI score · 0.01844 EPSS
Exploits 0 · References 11 · Affected Software 5
HackRead
added 2024/09/10 8:54 a.m. · 7 views

Seventh Sense Unveils Revolutionary Privacy-Preserving Face-Based Public Key Infrastructure and eID Solution

Singapore, SG, 10th September 2024, CyberNewsWire...

7.3 AI score
Exploits 0
Positive Technologies
added 2024/09/04 12:0 a.m. · 3 views

PT-2024-10103

Name of the Vulnerable Software and Affected Versions: rsync, affected versions not specified. Description: The issue is related to an uncontrolled resource consumption in the rsync repository validator FORT. It can be exploited by a remote attacker to elevate their privileges. A malicious RPKI rsync...

9.8 CVSS · 6.6 AI score · 0.00481 EPSS
Exploits 0 · References 28
The Hacker News
added 2024/08/30 10:42 a.m. · 15 views

Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals

The most dangerous vulnerability you've never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others ar...

7.9 AI score
Exploits 0
CERT
added 2024/08/30 12:0 a.m. · 29 views

Insecure Platform Key (PK) used in UEFI system firmware signature

Overview: A vulnerability in the use of hard-coded Platform Keys (PK) within the UEFI framework, known as PKfail, has been discovered. This flaw allows attackers to bypass critical UEFI security mechanisms like Secure Boot, compromising the trust between the platform owner and firmware and enabling...

6.4 CVSS · 6.8 AI score · 0.0024 EPSS
Exploits 0 · References 8