18 matches found
MiracleLinux 8 : pki-core:10.6 (AXSA:2021-1597:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1597:01 advisory. jquery: Cross-site scripting via cross-domain ajax requests (CVE-2015-9251); bootstrap: XSS in the data-target attribute (CVE-2016-10735); bootstrap:...
kra-mer.de Improper Access Control vulnerability OBB-3768434
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2020-1721
A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID during a key recovery request, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing...
CVE-2020-1721
CVE-2020-1721 is a reflected XSS in the Key Recovery Authority (KRA) Agent Service of pki-core (10.x). The vulnerability arises from improper sanitization of the recovery ID during a key recovery request, enabling an authenticated user to be tricked into executing crafted JavaScript. MiracleLinux...
Fedora: Security Advisory for pki-core (FEDORA-2021-344dd24c84)
The remote host is missing an update for the...
Cross-Site Scripting (XSS)
pki-core is vulnerable to cross-site scripting. The vulnerability exists due to a flaw in the Key Recovery Authority (KRA) Agent Service, where it did not properly sanitize the recovery ID during a key recovery request...
RHEL 7 : pki-core (RHSA-2021:0819)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0819 advisory. The Public Key Infrastructure (PKI) Core contains fundamental packages required by Red Hat Certificate System. Security Fixes: pki-core:...
Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2021-1346)
The remote host is missing an update for the Huawei EulerOS...
CVE-2019-10179
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing special...
Cross site scripting
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing special...
CVE-2019-10179
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize the recovery request search page, enabling a reflected cross-site scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing special...
PT-2020-9056 · Pki-Core +3
Name of the Vulnerable Software and Affected Versions: pki-core versions 10.x.x. Description: A vulnerability was found in the Key Recovery Authority (KRA) Agent Service where it did not properly sanitize the recovery request search page, enabling a reflected cross-site scripting (XSS) vulnerability. ...
CVE-2019-11721
The Unicode Latin 'kra' character can be used to spoof a standard 'k' character in the address bar. This allows for domain spoofing attacks, as such domains do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox 68...
UBUNTU-CVE-2019-11721
The Unicode Latin 'kra' character can be used to spoof a standard 'k' character in the address bar. This allows for domain spoofing attacks, as such domains do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox 68...
Red Hat FreeIPA Arbitrary Certificate Issuance Vulnerability
Red Hat FreeIPA is an integrated security information management solution from Red Hat, Inc. The solution provides an easy-to-manage identity, policy and audit (IPA) suite for Linux and Unix computer networks. A security vulnerability in ipa-kra-install in Red Hat FreeIPA versions prior to 4.2.2...
CVE-2015-5284
ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable...
CVE-2015-5284
CVE-2015-5284 (FreeIPA) Impact: In FreeIPA versions before 4.2.2, ipa-kra-install stores the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem with world-readable permissions. This could allow an attacker to access the CA private key and potentially issue certificates (effect...
RHEL 7 : pki-core (RHSA-2017:2335)
The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:2335 advisory. Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure (PKI) deployments. PKI Core contain...