pkg:Debian/dogtag-pki

17 total CVEsHIGH7MEDIUM10

✅ Check your installed version

All known vulnerabilities

  • HIGH8.1CVE-2021-20179A flaw was found in pki-core.
    from 0, < 10.10.2-2
  • HIGH8.1CVE-2018-1080Dogtag PKI, through version 10.6.1, has a vulnerability in AAclAuthz.java that, under certain configurations, causes the application of ACL…
    from 0, < 10.6.6-1
  • HIGH7.8CVE-2021-3551A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log f…
    from 0
  • HIGH7.5CVE-2023-4727A flaw was found in dogtag-pki and pki-core.
    from 0
  • HIGH7.5CVE-2022-2414Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks.
    from 0
  • HIGH7.5CVE-2017-7537It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package befo…
    from 0, < 10.3.5+12-5
  • HIGH7.5CVE-2015-0234Multiple temporary file creation vulnerabilities in pki-core 10.2.0.
    from 0
  • MEDIUM6.8CVE-2020-15720In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation.
    from 0, < 10.9.1-1
  • MEDIUM6.1CVE-2020-25715A flaw was found in pki-core 10.9.0.
    from 0
  • MEDIUM6.1CVE-2020-1721A flaw was found in the Key Recovery Authority (KRA) Agent Service in pki-core 10.10.5 where it did not properly sanitize the recovery ID d…
    from 0, < 10.9.1-1
  • MEDIUM6.1CVE-2019-10221A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server.
    from 0, < 10.9.1-1
  • MEDIUM6.1CVE-2019-10179A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize r…
    from 0, < 10.9.1-1
  • MEDIUM6.1CVE-2019-10178It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cr…
    from 0
  • MEDIUM5.7CVE-2022-2393A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication i…
    from 0
  • MEDIUM5.4CVE-2020-1696A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs,…
    from 0
  • MEDIUM4.8CVE-2019-10180A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parame…
    from 0
  • MEDIUM4.7CVE-2019-10146A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service…
    from 0, < 10.9.1-1