302 matches found
FORT Validator 安全漏洞
FORT Validator is a NICMx open source RPKI dependency and RTR server. A security vulnerability exists in FORT Validator versions 1.6.4 through 2.0.0 that stems from the inclusion of an integrity validation issue...
PT-2024-36728 · Fort +1 · Fort +1
Name of the Vulnerable Software and Affected Versions: Fort versions 1.6.4 and earlier, up to but not including 2.0.0 Description: A validation integrity issue was discovered in the product. RPKI Relying Parties, such as Fort, are supposed to maintain a backup cache of the remote RPKI data, which...
FORT Validator 安全漏洞
FORT Validator is a NICMx open source RPKI dependency and RTR server. A security vulnerability exists in FORT Validator version 1.6.4 and earlier, which stems from a validation integrity issue that could lead to incomplete routing origin validation data...
USN-7146-1: Dogtag PKI vulnerabilities
Christina Fu discovered that Dogtag PKI accidentally enabled a mock authentication plugin by default. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. This issue only affected Ubuntu 16.04 LTS. CVE-2017-753...
CVE-2024-6219
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured...
LXD 安全漏洞
LXD is a Canonical open source container for managing applications on Linux-based systems. A security vulnerability exists in LXD versions prior to 5.21.2 that stems from the ability to bypass PKI mode if a client's certificate exists in a trust store...
PT-2024-37418
Name of the Vulnerable Software and Affected Versions: LXD versions 4.0 through 5.21.1 Description: A security issue was discovered in LXD's PKI mode, where a client's certificate could be used to bypass authentication if the certificate is present in the trust store, even if it is not signed by ...
PT-2024-37461
Name of the Vulnerable Software and Affected Versions: LXD versions prior to 5.21.1 Description: A restricted certificate could be added to the trust store with its restrictions not honoured in LXD's PKI mode. This occurs when the core.trust ca certificates configuration option is disabled, causi...
RHEL 8 : pki-deps:10.6 (RHSA-2024:8567)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8567 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: tomcat: Denial of Servic...
RHEL 8 : pki-deps:10.6 (RHSA-2024:8497)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8497 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: tomcat: Denial of Servic...
RHEL 8 : pki-core:10.6 and pki-deps:10.6 (RHSA-2024:8543)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:8543 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: tomcat: Denial of Servic...
RHEL 5 : Red Hat Certificate System 8 (RHSA-2017:2560)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2560 advisory. Red Hat Certificate System is a complete implementation of an enterprise software system designed to manage enterprise public key infrastructure PKI...
RHEL 7 : Red Hat Certificate System (RHSA-2021:0948)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0948 advisory. The Public Key Infrastructure PKI Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: pki-core: store...
The vulnerability of the PKIAuthenticationPlugin plugin for the Apache Solr search server allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PKIAuthenticationPlugin plugin for the Apache Solr search server is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected...
Important: Red Hat Security Advisory: pki-deps:10.6 security update
An update for the pki-deps:10.6 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...
The vulnerability in implementations of ASN.1/DER, PKIX, Kerberos Heimdal, and the Samba network communication software package, related to repeated memory release, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerabilities of ASN.1/DER, PKIX, Kerberos Heimdal, and the Samba networking software package are related to repeated memory release. Exploiting these vulnerabilities can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
Seventh Sense Unveils Revolutionary Privacy-Preserving Face-Based Public Key Infrastructure and eID Solution
Singapore, SG, 10th September 2024, CyberNewsWire...
PT-2024-10103
Name of the Vulnerable Software and Affected Versions rsync affected versions not specified Description The issue is related to an uncontrolled resource consumption in the rsync repository validator FORT. It can be exploited by a remote attacker to elevate their privileges. A malicious RPKI rsync...
Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals
The most dangerous vulnerability you've never heard of. In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others ar...
Insecure Platform Key (PK) used in UEFI system firmware signature
Overview A vulnerability in the user of hard-coded Platform Keys PK within the UEFI framework, known as PKfail, has been discovered. This flaw allows attackers to bypass critical UEFI security mechanisms like Secure Boot, compromising the trust between the platform owner and firmware and enabling...