3 matches found
MiracleLinux 9 : nss-3.79.0-17.el9 (AXSA:2023-5231:02)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-5231:02 advisory. nss: Arbitrary memory write via PKCS 12 CVE-2023-0767 Bug Fixes: In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the...
CVE-2024-36066
The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for message integrity and authentication the...
EJBCA 安全漏洞
EJBCA is an open source Public Key Infrastructure PKI and Certificate Authority CA software from Keyfactor Open Source. A security vulnerability exists in EJBCA versions prior to 8.3.1 that stems from the length of the salt value in the CMP CLI client does not comply with the security requirement...