10 matches found
CVE-2026-28681 IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or account creation...
CVE-2026-28681
CVE-2026-28681 affects Internet Routing Registry daemon (IRRd) versions 4.4.0–4.4.5 and 4.5.0–4.5.1. The flaw is a host header injection in web UI password reset/account creation flows: an attacker can manipulate the HTTP Host header, causing the confirmation link in the email to point to an atta...
CVE-2026-28681 IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or account creation...
EUVD-2022-0127
Malicious code in bioql PyPI...
CVE-2022-24798
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...
PYSEC-2022-178
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...
CVE-2022-24798 Insufficient password hash filtering in some IRRd queries and exports
Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. IRRd did not always filter password hashes in query responses relating to mntner objects and database exports. This may have allowed adversaries to retrieve some of these hashes, perfo...
CVE-2022-24798
CVE-2022-24798 affects Internet Routing Registry daemon (IRRd) v4 where password hashes could be exposed in query responses for mntner objects and database exports. Root cause: insufficient filtering of password hashes in IRRd’s output. Affected products/versions: IRRd 4.2.x (mirrors not affected...
Internet Routing Registry Daemon 安全漏洞
Internet Routing Registry Daemon IRRd is a routing registry daemon. A security vulnerability exists in Internet Routing Registry Daemon, which stems from the fact that IRRd does not always filter password hashes in query responses related to "mntner" objects and database exports. An attacker coul...
The Internet is Held Together With Spit & Baling Wire
A visualization of the Internet made using network routing data. Image: Barrett Lyon, opte.org. Imagine being able to disconnect or redirect Internet traffic destined for some of the worlds biggest companies -- just by spoofing an email. This is the nature of a threat vector recently removed by a...