FreeIPA - XML Entity Injection

Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. id: CVE-2022-2414 info: name: FreeIPA - XML Entity Injection...

Ubuntu 18.04 LTS / 20.04 LTS : Dogtag PKI vulnerability (USN-8158-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8158-1 advisory. Fraser Tweedale and Geetika Kapoor discovered that Dogtag PKI could renew a certificate without proper authentication. An attacker could possibly use...

Ubuntu: Security Advisory (USN-8158-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8158-1: Dogtag PKI vulnerability

Fraser Tweedale and Geetika Kapoor discovered that Dogtag PKI could renew a certificate without proper authentication. An attacker could possibly use this to repeatedly renew a compromised certificate and maintain unauthorized access to a system or resource...

USN-8158-1 dogtag-pki vulnerability

Fraser Tweedale and Geetika Kapoor discovered that Dogtag PKI could renew a certificate without proper authentication. An attacker could possibly use this to repeatedly renew a compromised certificate and maintain unauthorized access to a system or resource...

MiracleLinux 9 : pki-core-11.5.0-2.el9_4.ML.1 (AXSA:2024-8488:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8488:02 advisory. dogtag ca: token authentication bypass vulnerability CVE-2023-4727 Tenable has extracted the preceding description block directly from the MiracleLinux...

MiracleLinux 8 : pki-core:10.6 (AXSA:2021-1597:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1597:01 advisory. jquery: Cross-site scripting via cross-domain ajax requests CVE-2015-9251 bootstrap: XSS in the data-target attribute CVE-2016-10735 bootstrap:...

EUVD-2017-11768

Malware in sbrugna...

EUVD-2012-2645

Malware in sbrugna...

EUVD-2018-11732

Malware in sbrugna...

EUVD-2020-7706

Malware in sbrugna...

EUVD-2010-3847

Malware in sbrugna...

EUVD-2012-3341

Malware in sbrugna...

EUVD-2023-54575

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-4727

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter...

Linux Distros Unpatched Vulnerability : CVE-2018-1080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL allow and deny rules...

Linux Distros Unpatched Vulnerability : CVE-2020-15720

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-code...

ROS-20250109-02

Vulnerability in dogtag-pki and pki-core packages is related to incorrect input validation during query processing LDAP. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the authentication process. authentication...

USN-7146-1: Dogtag PKI vulnerabilities

Christina Fu discovered that Dogtag PKI accidentally enabled a mock authentication plugin by default. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. This issue only affected Ubuntu 16.04 LTS. CVE-2017-753...

USN-7146-1 dogtag-pki vulnerabilities

Christina Fu discovered that Dogtag PKI accidentally enabled a mock authentication plugin by default. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates. This issue only affected Ubuntu 16.04 LTS. CVE-2017-753...