Search
Search Results (67 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10178 | 2 Dogtagpki, Redhat | 3 Dogtagpki, Certificate System, Certificate System Eus | 2024-11-21 | 4.6 Medium |
| It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable. | ||||
| CVE-2017-7509 | 1 Redhat | 1 Certificate System | 2024-11-21 | N/A |
| An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service. | ||||
| CVE-2012-4556 | 1 Redhat | 1 Certificate System | 2024-08-06 | N/A |
| The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certain unspecified empty search fields in a user certificate search query. | ||||
| CVE-2012-4543 | 1 Redhat | 2 Certificate System, Enterprise Linux | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script. | ||||
| CVE-2012-4555 | 1 Redhat | 1 Certificate System | 2024-08-06 | N/A |
| The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors. | ||||
| CVE-2012-3367 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2024-08-06 | N/A |
| Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System does not properly check certificate revocation requests made through the web interface, which allows remote attackers with permissions to revoke end entity certificates to revoke the Certificate Authority (CA) certificate. | ||||
| CVE-2012-2662 | 1 Redhat | 3 Certificate System, Dogtag Certificate System, Enterprise Linux | 2024-08-06 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to the (1) System Agent or (2) End Entity pages. | ||||