Filtered by vendor Pesign Project Subscriptions
Filtered by product Pesign Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-3560 3 Fedoraproject, Pesign Project, Redhat 7 Fedora, Pesign, Enterprise Linux and 4 more 2024-11-21 5.5 Medium
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
CVE-2022-1249 1 Pesign Project 1 Pesign 2024-11-21 3.3 Low
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.