Fedora 43 : rpki-client (2026-27892c9184)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-27892c9184 advisory. rpki-client 9.8 - Various refactoring for improved compatibility with various libcrypto implementations and in CA/BGPsec certificate handling. - Fixed an...

EUVD-2021-2309

Malware in sbrugna...

EUVD-2023-43614

Malicious code in bioql PyPI...

EUVD-2021-30119

Malicious code in bioql PyPI...

EUVD-2023-12248

Malicious code in bioql PyPI...

EUVD-2022-4484

Malicious code in bioql PyPI...

Fedora 40 : rust-routinator (2025-46db4ee37e)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-46db4ee37e advisory. New ASPA support is now always compiled in and available if enable-aspa is set. The aspa Cargo feature has been removed. 990 If merging mutliple ASPA objects...

NULL Pointer Dereference

Fort is vulnerable to NULL Pointer Dereference. The vulnerability is caused due to a malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field which For...

CVE-2024-45235

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizi...

UBUNTU-CVE-2024-45234

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics...

NLnet Labs’ Routinator vulnerable to path traversal

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructe...

CVE-2023-39916

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The...

CVE-2023-39916

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The...

Path traversal

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructe...

routinator -- Possible path traversal when storing RRDP responses

[email protected] reports: NLnet Labs Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these store...

PT-2023-27151

Name of the Vulnerable Software and Affected Versions Routinator versions 0.9.0 through 0.12.1 Description The issue concerns a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature of Routinator. This feature allows users to store the content of...

FreeBSD : net/krill -- DoS vulnerability (7844789a-9b1f-11ed-9a3f-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7844789a-9b1f-11ed-9a3f-b42e991fc52e advisory. - NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web serve...

CVE-2023-0158

NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to...

Code injection

NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to...

CVE-2023-0158 Triggered crash on direct RRDP access

NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to...