Lucene search

K

6 matches found

CVE
CVE
added 2013/01/04 10:55 p.m.64 views

CVE-2012-4543

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script.

4.3CVSS5.5AI score0.00238EPSS
CVE
CVE
added 2012/08/13 8:55 p.m.54 views

CVE-2012-2662

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2) End Entity pages.

4.3CVSS5.6AI score0.00238EPSS
CVE
CVE
added 2010/11/17 4:0 p.m.48 views

CVE-2010-3869

Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.

4CVSS6.5AI score0.00197EPSS
CVE
CVE
added 2013/01/04 10:55 p.m.46 views

CVE-2012-4555

The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspec...

4CVSS6.7AI score0.00376EPSS
CVE
CVE
added 2012/08/13 8:55 p.m.45 views

CVE-2012-3367

Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate.

5.5CVSS6.8AI score0.004EPSS
CVE
CVE
added 2010/11/17 4:0 p.m.44 views

CVE-2010-3868

Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authorit...

5.8CVSS7AI score0.00277EPSS