By the Year
In 2023 there have been 1 vulnerability in Pesignproject Pesign with an average score of 5.5 out of ten. Last year Pesign had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Pesign in 2023 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2023 is greater by 2.20.
It may take a day or so for new Pesign vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Pesignproject Pesign Security Vulnerabilities
A flaw was found in pesign
5.5 - Medium
- February 02, 2023
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file
3.3 - Low
- April 29, 2022
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.
NULL Pointer Dereference
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Pesignproject Pesign or by Pesignproject? Click the Watch button to subscribe.