Vulnerabilities (CVE)

Filtered by vendor Pesign Project Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-3560 3 Fedoraproject, Pesign Project, Redhat 3 Fedora, Pesign, Enterprise Linux 2024-11-21 N/A 5.5 MEDIUM
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
CVE-2022-1249 1 Pesign Project 1 Pesign 2024-11-21 2.1 LOW 3.3 LOW
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.