VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Dogtagpki
>
Dogtagpki
> 10.8.3
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2022-07-29
CVE-2022-2414
XXE vulnerability in Dogtagpki
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks.
network
low complexity
dogtagpki
CWE-611
7.5
7.5
2021-03-15
CVE-2021-20179
A flaw was found in pki-core.
network
low complexity
dogtagpki
redhat
fedoraproject
8.1
8.1
2020-07-14
CVE-2020-15720
Improper Certificate Validation vulnerability in Dogtagpki
In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation.
network
high complexity
dogtagpki
CWE-295
6.8
6.8
2020-03-31
CVE-2019-10180
A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability.
network
low complexity
dogtagpki
redhat
4.8
4.8
2020-03-20
CVE-2020-1696
A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed.
network
low complexity
redhat
dogtagpki
5.4
5.4
2020-03-20
CVE-2019-10221
Cross-site Scripting vulnerability in multiple products
A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server.
network
low complexity
redhat
dogtagpki
CWE-79
6.1
6.1
2020-03-20
CVE-2019-10179
A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability.
network
low complexity
redhat
dogtagpki
6.1
6.1