← Back

Pesign

pesign

Vendor: Pesign Project • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-3560
3Fedoraproject
Pesign ProjectRedhat
3Enterprise Linux
FedoraPesign
Mar 26, 2025
Feb 2, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privi...Show more
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.Show less
CVE-2022-1249
1Pesign Project
1Pesign
Nov 21, 2024
Apr 29, 2022
N/A· v4
3.3 LOW· v3
2.1 LOW· v2
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereferenc...Show more
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.Show less