69 matches found
CVE-2021-41987
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scepservername value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10...
CVE-2025-0128
The CVE-2025-0128 DoS exists in Palo Alto Networks PAN-OS SCEP authentication, allowing an unauthenticated attacker to reboot the firewall and push it into maintenance mode. Cloud NGFW is not affected; Prisma Access is patched. Affected PAN-OS versions include 10.1.x (<10.1.14-h11), 10.2.x (&l...
The vulnerability of the Simple Certificate Enrollment Protocol (SCEP) implementation in Windows operating systems allows a perpetrator to trigger a service failure.
The vulnerability of the Simple Certificate Enrollment Protocol SCEP implementation in Windows operating systems is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
RHEL 5 : pki (RHSA-2010:0838)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0838 advisory. Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure PKI deployments. Simple...
BIT-EJBCA-2021-40086
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...
BIT-EJBCA-2021-40087
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...
CVE-2023-36755
A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.0, RUGGEDCOM ROX MX5000RE All versions V2.16.0, RUGGEDCOM ROX RX1400 All versions V2.16.0, RUGGEDCOM ROX RX1500 All versions V2.16.0, RUGGEDCOM ROX RX1501 All versions V2.16.0, RUGGEDCOM ROX RX1510 All versions V2.16.0...
SAMSUNG Mobile device 输入验证错误漏洞
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile device SMR Jul-2023 Release 1 version, which stems from an incorrect input validation vulnerability ...
PT-2023-4060 · Siemens · Ruggedcom Rox Mx5000 +8
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM ROX MX5000 versions prior to V2.16.0 RUGGEDCOM ROX MX5000RE versions prior to V2.16.0 RUGGEDCOM ROX RX1400 versions prior to V2.16.0 RUGGEDCOM ROX RX1500 versions prior to V2.16.0 RUGGEDCOM ROX RX1501 versions prior to V2.16.0...
CVE-2021-41987
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scepservername value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10...
CVE-2021-41987
The vulnerability CVE-2021-41987 affects MikroTik RouterOS SCEP Server in specific releases (RouterOS 6.46.8, 6.47.9, 6.47.10). A heap-based buffer overflow can be triggered by an attacker who knows the scep_server_name value, leading to remote code execution. Multiple sources (NVD entry and Red ...
Palo Alto Networks PAN-OS 8.1.x < 8.1.20-h1 / 9.0.x < 9.0.14-h3 / 9.1.x < 9.1.11-h2 / 10.0.x < 10.0.8 / 10.1.x < 10.1.3 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.20-h1 or 9.0.x prior to 9.0.14-h3 or 9.1.x prior to 9.1.11-h2 or 10.0.x prior to 10.0.8 or 10.1.x prior to 10.1.3. It is, therefore, affected by a vulnerability. - An OS command injection vulnerability in th...
Palo Alto Networks PAN-OS SCEP feature command injection vulnerability
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances.A command injection vulnerability exists in Palo Alto Networks PAN-OS, which stems from an OS command injection vulnerability in the software's SCEP Simple Certificate The...
CVE-2021-3060
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...
Command injection
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...
PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP)
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol SCEP feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have...
CVE-2021-40087
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...
CVE-2021-40086
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...
Code injection
An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...
Code injection
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page that can only be viewed by an administrator. While hidden from direct view, checking the page source would...