89 matches found
EUVD-2021-27278
Malware in sbrugna...
EUVD-2021-27277
Malware in sbrugna...
EUVD-2021-27275
Malware in sbrugna...
EUVD-2020-17964
Malware in sbrugna...
EUVD-2021-27276
Malware in sbrugna...
EUVD-2020-21330
Malware in sbrugna...
EUVD-2022-37737
Malicious code in bioql PyPI...
EUVD-2022-42279
Malicious code in bioql PyPI...
EUVD-2022-31052
Malicious code in bioql PyPI...
EUVD-2022-43981
Malicious code in bioql PyPI...
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
CVE-2022-39834
A stored XSS vulnerability was discovered in adminweb/ra/viewendentity.jsp in PrimeKey EJBCA through 7.9.0.2. A low-privilege user can store JavaScript in order to exploit a higher-privilege user...
CVE-2021-40089
An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disable...
CVE-2020-25276
An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate...
BIT-EJBCA-2020-25276
An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate...
BIT-EJBCA-2020-28942
An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol. As a part of EJBCA's domain security model, the peer connector allows the restriction of client certificates for the RA, not the end user to a limited set of allowed CAs, th...
BIT-EJBCA-2021-40086
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...
BIT-EJBCA-2021-40088
An issue was discovered in PrimeKey EJBCA before 7.6.0. CMP RA Mode can be configured to use a known client certificate to authenticate enrolling clients. The same RA client certificate is used for revocation requests as well. While enrollment enforces multi tenancy constraints by verifying that...
BIT-EJBCA-2021-40089
An issue was discovered in PrimeKey EJBCA before 7.6.0. The General Purpose Custom Publisher, which is normally run to invoke a local script upon a publishing operation, was still able to run if the System Configuration setting Enable External Script Access was disabled. With this setting disable...
BIT-EJBCA-2022-34831
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...