129 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-3907
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OctoRPKI does not escape a URI with a filename containing .., this allows a repository to create a file, ex...
EUVD-2021-2322
Malware in sbrugna...
EUVD-2021-2346
Malware in sbrugna...
EUVD-2021-2404
Malware in sbrugna...
EUVD-2021-2304
Malware in sbrugna...
EUVD-2021-2338
Malware in sbrugna...
EUVD-2021-2345
Malware in sbrugna...
EUVD-2021-2286
Malware in sbrugna...
EUVD-2022-7146
Malicious code in bioql PyPI...
CVE-2022-3616
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya Shulman - Fraunhofer...
CVE-2021-3978
When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
Linux Distros Unpatched Vulnerability : CVE-2021-3909
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the...
CVE-2021-3978
When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
CVE-2021-3978
When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
UBUNTU-CVE-2021-3978
When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
CVE-2021-3978 Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
CVE-2021-3978
When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
CVE-2021-3978 Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service this could allow for a vector, when...
GO-2022-1089 OctoRPKI crashes when max iterations is reached in github.com/cloudflare/cfrpki
OctoRPKI crashes when max iterations is reached in github.com/cloudflare/cfrpki...
GO-2022-0580 Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki in github.com/cloudflare/cfrpki
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki in github.com/cloudflare/cfrpki...