CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14663
https://notcve.org/view.php?id=CVE-2018-14663
26 Nov 2018 — An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14663 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7069
https://notcve.org/view.php?id=CVE-2016-7069
11 Sep 2018 — An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding the response to the initial client. On a 32-bit system, the pointer arithmetic used when parsing the received response to remove that record might trigger an undefined behavior leading to a crash. Se ha descubierto un problema en dns... • http://www.securityfocus.com/bid/100509 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7557
https://notcve.org/view.php?id=CVE-2017-7557
22 Aug 2017 — dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. dnsdist versión 1.1.0 es vulnerable a un error en el mecanismo de autenticación para la API REST, permitiendo potencialmente ataques de tipo Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/100508 • CWE-287: Improper Authentication CWE-352: Cross-Site Request Forgery (CSRF) •