301 matches found
DEBIAN-CVE-2024-45239
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, ...
DEBIAN-CVE-2024-45236
An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...
FORT Validator security vulnerability
FORT Validator is an open source RPKI Relying Party and RTR server from NICMx. A security vulnerability exists in FORT Validator versions prior to 1.6.3 that stems from dereferencing pointers...
PT-2024-31493
Name of the Vulnerable Software and Affected Versions: Fort versions prior to 1.6.3. Description: An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a resource certificate containing an Authority Key Identifier extension that lacks t...
Low: Red Hat Bug Fix Advisory: ca-certificates bug fix and enhancement update
An update for ca-certificates is now available for Red Hat Enterprise Linux 8. The ca-certificates package contains a set of Certificate Authority (CA) certificates chosen by the Mozilla Foundation for use with the Internet Public Key Infrastructure (PKI). Bug Fixes and Enhancements: Annual 2024...
How to Configure StoreFront and Smart Card Authentication for Internal Users using Stores
This article describes how to configure Citrix StoreFront 2.0 and Smart Card authentication using Gemalto .NET cards against stores for internal users. Requirements: The following components are needed to allow users to connect through Smart Card to StoreFront: Citrix StoreFront 2.x, Citrix Receiver fo...
ca: token authentication bypass vulnerability
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege...
Important: Red Hat Security Advisory: Red Hat Certificate System 10.4 for RHEL 8 security and bug fix update
An update for pki-core is now available for Red Hat Certificate System 10.4 for RHEL 8.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RHEL 8 : Red Hat Certificate System 10.4 for RHEL 8 (RHSA-2024:4070)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4070 advisory. Red Hat Certificate System (RHCS) is a complete implementation of an enterprise software system designed to manage enterprise Public Key Infrastructure...
CLSA-2024-1718787931 libssh: Fix of CVE-2023-2283
CVE-2023-2283: src/pkicrypto.c: fix possible authentication bypass, remove unnecessary null check; tests/client/torturerekey.c: fix tests...
UBUNTU-CVE-2023-4727
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with an LDAP injection. By passing the query string parameter sessionID=, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege...
ALSA-2024:3061 Moderate: pki-core:10.6 and pki-deps:10.6 security update
The Public Key Infrastructure (PKI) Core contains fundamental packages required by AlmaLinux Certificate System. Security Fixes: jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518). For more details about the security issues, including the impact, a CVSS score,...
CVE-2024-30397 Junos OS: An invalid certificate causes a Denial of Service in the Internet Key Exchange (IKE) process
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). The pkid is responsible for the certificate verification. Upon a failed...
PT-2024-3483 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 20.4R3-S10; Juniper Networks Junos OS 21.2 versions prior to 21.2R3-S7; Juniper Networks Junos OS 21.4 versions prior to 21.4R3-S5; Juniper Networks Junos OS 22.1 versions prior to 22.1R3-S4; Juniper...
Fedora: Security Advisory for dogtag-pki (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: dogtag-pki-11.5.0-3.fc40
Dogtag PKI is an enterprise software system designed to manage enterprise Public Key Infrastructure deployments. Dogtag PKI consists of the following components: Certificate Authority (CA), Key Recovery Authority (KRA), Online Certificate Status Protocol (OCSP) Manager, Token Key Service (TKS), Token...
SUSE CVE-2018-1080
Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules to be reversed. If a server is configured to process allow rules before deny rules (authz.evaluateOrder=allow,deny), then allow rules will...
SUSE CVE-2021-3551
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threa...
PT-2023-5588 · Unknown +8 · Crypto/Tls +8
Name of the Vulnerable Software and Affected Versions: crypto/tls (affected versions not specified). Description: The issue is related to extremely large RSA keys in certificate chains, which can cause a client/server to expend significant CPU time verifying signatures. With the fix, the size of RSA...