Pesign Pesignproject Pesign

Do you want an email whenever new security vulnerabilities are reported in Pesignproject Pesign?

By the Year

In 2024 there have been 0 vulnerabilities in Pesignproject Pesign . Last year Pesign had 1 security vulnerability published. Right now, Pesign is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 5.50
2022 1 3.30
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Pesign vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Pesignproject Pesign Security Vulnerabilities

A flaw was found in pesign

CVE-2022-3560 5.5 - Medium - February 02, 2023

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.

Directory traversal

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file

CVE-2022-1249 3.3 - Low - April 29, 2022

A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.

NULL Pointer Dereference

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Pesignproject Pesign or by Pesignproject? Click the Watch button to subscribe.

subscribe