USN-8158-1 dogtag-pki vulnerability

Fraser Tweedale and Geetika Kapoor discovered that Dogtag PKI could renew a certificate without proper authentication. An attacker could possibly use this to repeatedly renew a compromised certificate and maintain unauthorized access to a system or resource...

MiracleLinux 8 : pki-deps:10.6 (AXSA:2021-1599:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1599:01 advisory. jquery: Cross-site scripting via cross-domain ajax requests CVE-2015-9251 bootstrap: XSS in the data-target attribute CVE-2016-10735 bootstrap:...

The vulnerability of the PKI mechanism in HashiCorp’s Vault and Vault Enterprise, a platform for archiving corporate information, allows a perpetrator to trigger a service failure.

The vulnerability of the PKI mechanism in HashiCorp’s Vault and Vault Enterprise platforms for archiving corporate information is related to improper authentication. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

Alibaba Cloud Linux 3 : 0037: pki-core:10.6 (ALINUX3-SA-2021:0037)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0037 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-11023: In jQuery versions greater...

CVE-2024-6156

Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store...