Lucene search
K

178 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.9 views

Fedora 45 : rust-fern / rust-ifcfg-devname / rust-routinator / rust-rpki / etc (2026-188f731254)

The remote Fedora 45 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2026-188f731254 advisory. Update routinator to the latest, pulling in updated dependencies rpki and syslog, and switch fern to using syslog 7 instead of 6 for this update, an...

9.3CVSS6.7AI score0.00549EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-49234

A flaw was found in Routinator. A remote attacker, with access to the API from untrusted networks, could send a specially crafted non-UTF-8 string as a query parameter to the /api/v1/origins endpoint. This action would cause the Routinator application to crash, leading to a denial of service DoS...

8.2CVSS5.9AI score0.00259EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.12 views

CVE-2026-49233

A flaw was found in Routinator. This vulnerability allows a remote attacker to perform path traversal by crafting a malicious rsync URI module name containing '..'. This improper check of the module component can lead to unauthorized access to the entire Routinator rsync cache, resulting in...

8.3CVSS5.9AI score0.00433EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.11 views

CVE-2026-49232

A flaw was found in Routinator. A remote attacker can exploit this vulnerability by opening a large number of connections to the HTTP or RTR Resource Public Key Infrastructure RPKI to Router server. This can cause Routinator to exit, leading to a Denial of Service DoS for affected services. This...

8.7CVSS5.9AI score0.00333EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.12 views

CVE-2026-49235

A flaw was found in Routinator. A remote attacker could exploit this vulnerability by providing a specially crafted Document Type Definition DTD file through the Relying Party RPKI Data Protocol RRDP. This could lead to Routinator crashing, resulting in a Denial of Service DoS for the affected...

8.7CVSS5.9AI score0.00358EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 3:33 p.m.7 views

GHSA-5QF9-CF9C-HJC6 Routinator crashes when encountering maliciously crafted RRDP XML files

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

8.7CVSS5.2AI score0.00358EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 3:33 p.m.7 views

GHSA-33MJ-99MG-8G73 Routinator has cache path traversal when processing the module component of rsync URIs

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS5.2AI score0.00433EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/08 3:33 p.m.13 views

Routinator crashes when encountering maliciously crafted RRDP XML files

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

8.7CVSS5.2AI score0.00358EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/08 3:33 p.m.10 views

Routinator crashes when sending a maliciously crafted select-asn query parameter

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

8.2CVSS5.2AI score0.00259EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/08 3:33 p.m.10 views

Routinator has cache path traversal when processing the module component of rsync URIs

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS5.2AI score0.00433EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/08 3:33 p.m.12 views

GHSA-GC6Q-CWCJ-3VH9 Routinator crashes when sending a maliciously crafted select-asn query parameter

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

8.2CVSS5.3AI score0.00259EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 3:16 p.m.17 views

CVE-2026-49235

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

8.7CVSS0.00358EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 3:16 p.m.14 views

CVE-2026-49234

When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks...

8.2CVSS0.00259EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 3:16 p.m.1 views

CVE-2026-49235

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

7.5CVSS5.9AI score0.00358EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 3:16 p.m.13 views

CVE-2026-49233

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS0.00433EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 3:16 p.m.14 views

CVE-2026-49232

Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously by an attacker by opening a large number of connections to the HTTP or RTR server. This only affec...

8.7CVSS0.00333EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 3:16 p.m.1 views

CVE-2026-49233

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

7.5CVSS5.9AI score0.00433EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 12:59 p.m.6 views

CVE-2026-49235

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

8.7CVSS5.4AI score0.00358EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 12:59 p.m.12 views

EUVD-2026-35065

When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes...

8.7CVSS5.4AI score0.00358EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 12:59 p.m.50 views

CVE-2026-49235

CVE-2026-49235 affects Routinator. According to the connected CVE entry, processing an RRDP file with a specifically crafted Document Type Definition (DTD) causes Routinator to crash. The CVSSv4.0 vector indicates high impact on availability (V AV:N/AC:L/VI:N/VA:H) with no confidentiality or inte...

8.7CVSS5.4AI score0.00358EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder