Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
certificate system vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-42069
Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability.
Online Birth Certificate Management System Project Online Birth Certificate Management System 1.0
7.5
CVSSv3
CVE-2021-4213
A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an malicious user to force the invocation of an out-of-memory process, causing a denial of servi...
Dogtagpki Network Security Services For Java
Redhat Enterprise Linux 8.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-32455
In BIG-IP Versions 16.1.x prior to 16.1.2.2, 15.1.x prior to 15.1.6.1, 14.1.x prior to 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed...
F5 Big-ip Analytics
F5 Big-ip Access Policy Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Security Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
7.5
CVSSv3
CVE-2022-2414
Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote malicious user to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
Dogtagpki Dogtagpki 10.5.18
Dogtagpki Dogtagpki 10.7.4
Dogtagpki Dogtagpki 10.8.3
Dogtagpki Dogtagpki 10.11.2
Dogtagpki Dogtagpki 10.12.4
Dogtagpki Dogtagpki 11.0.5
Dogtagpki Dogtagpki 11.1.0
4 Github repositories
6.8
CVSSv3
CVE-2022-32960
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbi...
Hinet Hicos Natural Person Credential Component Client 3.1.0.00002
Hinet Hicos Natural Person Credential Component Client 3.0.3.30306
Hinet Hicos Natural Person Credential Component Client 3.0.3.30404
6.8
CVSSv3
CVE-2022-32959
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute a...
Hinet Hicos Natural Person Credential Component Client 3.1.0.00002
Hinet Hicos Natural Person Credential Component Client 3.0.3.30306
Hinet Hicos Natural Person Credential Component Client 3.0.3.30404
6.8
CVSSv3
CVE-2022-32961
HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execut...
Hinet Hicos Natural Person Credential Component Client 3.1.0.00002
Hinet Hicos Natural Person Credential Component Client 3.0.3.30306
Hinet Hicos Natural Person Credential Component Client 3.0.3.30404
6.8
CVSSv3
CVE-2022-32962
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
Hinet Hicos Natural Person Credential Component Client 3.1.0.00002
Hinet Hicos Natural Person Credential Component Client 3.0.3.30306
Hinet Hicos Natural Person Credential Component Client 3.0.3.30404
5.7
CVSSv3
CVE-2022-2393
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but...
Pki-core Project Pki-core
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
Redhat Certificate System 9.0
Redhat Certificate System 10.0
Redhat Enterprise Linux 9.0
5.3
CVSSv3
CVE-2022-2097
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of...
Openssl Openssl
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Active Iq Unified Manager -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Siemens Sinec Ins 1.0
Siemens Sinec Ins
Debian Debian Linux 10.0
Debian Debian Linux 11.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »