Vulnerabilities

CVE-2021-3908

November 16, 2021

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

Summary:

OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.

Reference Links(if available):

https://github.com/cloudflare/cfrpki/security/advisories/GHSA-g5gj-9ggf-9vmq

CVSS Score (if available)

v2: / MEDIUM

v3: /

Links to Exploits(if available)

CISA

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

November 22, 2024

[RANSOMHUB] – Ransomware Victim: blr[.]com

November 22, 2024

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

November 22, 2024

[LOCKBIT3] – Ransomware Victim: madison-home[.]com

November 22, 2024

[CHORT] – Ransomware Victim: sheboyganwi[.]gov

November 22, 2024

Summary:

Reference Links(if available):

CVSS Score (if available)

Links to Exploits(if available)

You may have missed

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

[RANSOMHUB] – Ransomware Victim: blr[.]com

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

[LOCKBIT3] – Ransomware Victim: madison-home[.]com

[CHORT] – Ransomware Victim: sheboyganwi[.]gov