CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7072 – Debian Security Advisory 3764-1
https://notcve.org/view.php?id=CVE-2016-7072
15 Jan 2017 — An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it migh... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-7073 – Debian Security Advisory 3764-1
https://notcve.org/view.php?id=CVE-2016-7073
15 Jan 2017 — An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack. Se ha descubierto un problema en PowerDNS en versiones anteriores a la 3.4.11 y 4.0.2, y PowerDNS recursor en versiones anteriores a la 4.0.4, lo que permite q... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2016-7074 – Debian Security Advisory 3764-1
https://notcve.org/view.php?id=CVE-2016-7074
15 Jan 2017 — An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature. Se ha descubierto un problema en PowerDNS en versiones anteriores a la 3.4.11 y 4.0.2, y PowerDNS recursor en versiones anteriores... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7074 • CWE-20: Improper Input Validation •