Lucene search
K

33 matches found

Fedora
Fedora
added 2026/01/22 1:8 a.m.6 views

[SECURITY] Fedora 43 Update: rpki-client-9.7-1.fc43

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure RPKI for Relying Parties RP to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

5.9AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-41380

Malicious code in bioql PyPI...

7.5CVSS6.3AI score0.00481EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:31 a.m.8 views

CVE-2024-45237

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without...

9.8CVSS6.9AI score0.00356EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:31 a.m.12 views

CVE-2024-45236

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...

7.5CVSS6.7AI score0.00481EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:30 a.m.10 views

CVE-2024-45239

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, ...

7.5CVSS6.7AI score0.00481EPSS
Exploits0
OSV
OSV
added 2024/12/22 12:0 a.m.7 views

CVE-2024-56375

An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a Manifest RPKI object containing an empty fileList. Fort dereferences and, shortly afterwards, writes to this array during a...

7.5CVSS6.7AI score0.00442EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/12/22 12:0 a.m.26 views

CVE-2024-56375

An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a Manifest RPKI object containing an empty fileList. Fort dereferences and, shortly afterwards, writes to this array during a...

0.00442EPSS
Exploits0References2
CVE
CVE
added 2024/12/22 12:0 a.m.82 views

CVE-2024-56375

CVE-2024-56375 affects Fort Validator Fort 1.6.3 and 1.6.4 (before 1.6.5). A malicious RPKI repository can serve a Manifest RPKI object with an empty fileList. An integer underflow causes the surrounding loop to iterate infinitely, dereferencing an array that effectively doesn’t exist and leading...

7.5CVSS7.1AI score0.00442EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2024/12/22 12:0 a.m.9 views

CVE-2024-56375

An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a Manifest RPKI object containing an empty fileList. Fort dereferences and, shortly afterwards, writes to this array during a...

7.5CVSS5.3AI score0.00442EPSS
Exploits0
Veracode
Veracode
added 2024/08/27 8:23 p.m.5 views

NULL Pointer Dereference

Fort is vulnerable to NULL Pointer Dereference. The vulnerability is caused due a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. When compiled wi...

7.5CVSS6.5AI score0.00305EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/08/27 8:23 p.m.8 views

Denial Of Service (DOS)

Fort is vulnerable to Denial Of Service DOS. The vulnerability is caused due to a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field which Fort accesses without sanitizing it first. Because For...

7.5CVSS6.7AI score0.00481EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/08/24 11:15 p.m.13 views

CVE-2024-45236

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...

7.5CVSS6.6AI score
Exploits0References2
OSV
OSV
added 2024/08/24 11:15 p.m.11 views

CVE-2024-45237

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without...

9.8CVSS6.9AI score
Exploits0References2
NVD
NVD
added 2024/08/24 11:15 p.m.25 views

CVE-2024-45237

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without...

9.8CVSS0.00356EPSS
Exploits0References2
NVD
NVD
added 2024/08/24 11:15 p.m.29 views

CVE-2024-45238

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...

7.5CVSS0.00305EPSS
Exploits0References2
OSV
OSV
added 2024/08/24 11:15 p.m.4 views

UBUNTU-CVE-2024-45235

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizi...

7.5CVSS5.8AI score0.00305EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/08/24 11:15 p.m.10 views

CVE-2024-45238

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...

7.5CVSS5.9AI score0.00305EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/08/24 11:15 p.m.22 views

CVE-2024-45234

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics...

7.5CVSS5.9AI score0.00452EPSS
Exploits0References3
OSV
OSV
added 2024/08/24 11:15 p.m.4 views

UBUNTU-CVE-2024-45239

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, ...

7.5CVSS5.8AI score0.00481EPSS
Exploits0References4
OSV
OSV
added 2024/08/24 11:15 p.m.5 views

UBUNTU-CVE-2024-45236

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...

7.5CVSS5.8AI score0.00481EPSS
Exploits0References4
Rows per page
Query Builder