Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2021-30119

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.01434EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-12248

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00702EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/01/17 12:0 a.m.22 views

CVE-2023-0158 Triggered crash on direct RRDP access

NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Prior to 0.12.1 a direct query for any existing directory under "/rrdp/", rather than an RRDP file such as "/rrdp/notification.xml" as would be expected, causes Krill to...

7.8AI score0.00702EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2022/01/05 12:0 a.m.29 views

FreeBSD : routinator -- multiple vulnerabilities (9c990e67-6e30-11ec-82db-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 9c990e67-6e30-11ec-82db-b42e991fc52e advisory. - NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of...

7.5CVSS7.4AI score0.01434EPSS
Exploits0References5
Veracode
Veracode
added 2021/12/28 6:2 p.m.23 views

Inconsistent Validation

NLnet Labs Routinato has inconsistent validation. A validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value f...

7.5CVSS1.5AI score0.01434EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2021/11/09 5:15 p.m.17 views

CVE-2021-43173

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...

7.5CVSS7.4AI score0.01434EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2021/11/09 5:15 p.m.18 views

CVE-2021-43172

NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. In RPKI, a CA can choose the RRDP repository it wishes to publish its data in. By continuously generating a new child CA that only consists of anoth...

7.5CVSS7.1AI score0.01434EPSS
Exploits0References3
Prion
Prion
added 2021/11/09 5:15 p.m.20 views

Design/Logic Flaw

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...

5CVSS7.4AI score0.01434EPSS
Exploits0References3Affected Software2
UbuntuCve
UbuntuCve
added 2021/11/09 5:15 p.m.20 views

CVE-2021-43173

In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. This can be used to effectively stall validation. While Routinator has a configurable time-out value for RRDP...

7.5CVSS7AI score0.01434EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2021/11/09 5:15 p.m.21 views

CVE-2021-43174

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-memory crash in these versions of Routinator. RRDP uses XML which allows arbitrary amounts of whi...

7.5CVSS7.1AI score0.01434EPSS
Exploits0References3
CVE
CVE
added 2021/11/09 4:41 p.m.85 views

CVE-2021-43173

CVE-2021-43173 concerns NLnet Labs Routinator prior to 0.10.2. A validation run can be stalled by an RRDP repository that slowly drip-feeds bytes, exploiting the misapplied timeout (applied to individual reads/writes, not the whole request). This can cause validation to be delayed for so long tha...

7.5CVSS7.4AI score0.01434EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2020/11/13 5:28 p.m.16 views

GHSA-Q76J-58CX-WP5V Vulnerability in RPKI manifest validation

A vulnerability in RPKI manifest validation exists when objects on the manifest are hidden, or expired objects are replayed. An attacker successfully exploiting this vulnerability could prevent new ROAs from being received or selectively hide ROAs, causing routes to become INVALID. To exploit thi...

7.4CVSS7.4AI score0.00907EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2020/11/13 5:28 p.m.52 views

Vulnerability in RPKI manifest validation

A vulnerability in RPKI manifest validation exists when objects on the manifest are hidden, or expired objects are replayed. An attacker successfully exploiting this vulnerability could prevent new ROAs from being received or selectively hide ROAs, causing routes to become INVALID. To exploit thi...

1.3AI score
Exploits0References2Affected Software1
Rows per page
Query Builder