Lucene search
+L

186 matches found

Positive Technologies
Positive Technologies
added 2024/08/24 12:0 a.m.5 views

PT-2024-31493

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a resource certificate containing an Authority Key Identifier extension that lacks t...

9.8CVSS6.7AI score0.00481EPSS
Exploits0References34
Debian CVE
Debian CVE
added 2024/08/24 12:0 a.m.48 views

CVE-2024-45239

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, ...

7.5CVSS5.3AI score0.00481EPSS
Exploits0
CNNVD
CNNVD
added 2024/08/24 12:0 a.m.5 views

FORT Validator 安全漏洞

FORT Validator is a NICMx open source RPKI dependency and RTR server. A security vulnerability exists in FORT Validator versions prior to 1.6.3, which stems from dereferencing a pointer without first cleaning it up...

7.5CVSS6.3AI score0.00481EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/24 12:0 a.m.6 views

PT-2024-31496

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve an ROA or a Manifest containing a null eContent field via rsync or RRDP. Fort...

9.8CVSS6.8AI score0.00481EPSS
Exploits0References35
Positive Technologies
Positive Technologies
added 2024/08/24 12:0 a.m.4 views

PT-2024-31494

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a signed object containing an empty signedAttributes field via rsync or RRDP. Fort...

9.8CVSS6.8AI score0.00481EPSS
Exploits0References34
Positive Technologies
Positive Technologies
added 2024/08/24 12:0 a.m.3 views

PT-2024-31495

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve a resource certificate containing a bit string that doesn't properly decode into a...

9.8CVSS6.6AI score0.00481EPSS
Exploits0References36
Vulnrichment
Vulnrichment
added 2024/08/24 12:0 a.m.10 views

CVE-2024-45239

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, ...

7.1AI score0.00481EPSS
Exploits0References1
CVE
CVE
added 2024/08/24 12:0 a.m.85 views

CVE-2024-45239

Summary of CVE-2024-45239 (Fort Validator): Fort before 1.6.3 is vulnerable when parsing certain RPKI repository data. A malicious RPKI repository descending from a trusted Trust Anchor can serve an ROA or a Manifest containing a null eContent field, which Fort dereferences without sanitizing, ca...

7.5CVSS6.9AI score0.00481EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/24 12:0 a.m.34 views

CVE-2024-45239

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, ...

0.00481EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2024/08/24 12:0 a.m.38 views

CVE-2024-45237

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without...

9.8CVSS5.8AI score0.00356EPSS
Exploits0
CVE
CVE
added 2024/08/24 12:0 a.m.63 views

CVE-2024-45235

Fort validator (prior to 1.6.3) is affected by CVE-2024-45235 due to processing an Authority Key Identifier extension in a resource certificate that lacks the keyIdentifier field, which can cause a crash and lead to Route Origin Validation unavailability and potentially compromised routing. Conne...

7.5CVSS6.9AI score0.00305EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/24 12:0 a.m.6 views

PT-2024-31492

Name of the Vulnerable Software and Affected Versions Fort versions prior to 1.6.3 Description An issue was discovered in Fort where a malicious RPKI repository that descends from a trusted Trust Anchor can serve an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This...

9.8CVSS6.9AI score0.00481EPSS
Exploits0References34
OSV
OSV
added 2024/08/24 12:0 a.m.15 views

CVE-2024-45238

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...

7.5CVSS6.6AI score0.00305EPSS
Exploits0References4
OSV
OSV
added 2024/08/24 12:0 a.m.14 views

CVE-2024-45235

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizi...

7.5CVSS6.6AI score0.00305EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/08/24 12:0 a.m.37 views

CVE-2024-45235

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizi...

7.5CVSS5.3AI score0.00305EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2024/04/04 3:24 a.m.10 views

agendalink.co.fort-bend.tx.us Cross Site Scripting vulnerability OBB-3899168

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/03/22 2:59 a.m.3 views

agendalink.co.fort-bend.tx.us Cross Site Scripting vulnerability OBB-3883496

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/03/20 10:43 p.m.4 views

agendalink.co.fort-bend.tx.us Cross Site Scripting vulnerability OBB-3881223

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/03/17 5:33 p.m.6 views

agendalink.co.fort-bend.tx.us Cross Site Scripting vulnerability OBB-3874865

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/03/14 4:5 a.m.5 views

agendalink.co.fort-bend.tx.us Cross Site Scripting vulnerability OBB-3870975

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Rows per page
Query Builder