Page 3 of 68 results (0.014 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature. Se detectó un problema en PowerDNS Authoritative versiones hasta 4.3.0, cuando es usado --enable-experimental-gss-tsig. Un atacante remoto no autenticado podría causar una doble liberación, conllevando a un bloqueo o posiblemente una ejecución de código arbitraria. Mediante el envío de consultas diseñadas con una firma GSS-TSIG • https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html • CWE-415: Double Free •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. Se detectó un problema en PowerDNS Authoritative versiones hasta 4.3.0, cuando es usado --enable-experimental-gss-tsig. Un atacante no autenticado remoto puede causar una denegación de servicio mediante el envío de consultas diseñadas con una firma GSS-TSIG • https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. Se detectó un problema en PowerDNS Authoritative versiones hasta 4.3.0, cuando es usado --enable-experimental-gss-tsig. Un atacante no autenticado remoto puede desencadenar una condición de carrera conllevando a un bloqueo, o posiblemente a una ejecución de código arbitraria, mediante el envío de consultas diseñadas con una firma GSS-TSIG • https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Se ha encontrado un problema en PowerDNS Authoritative Server versiones anteriores a 4.3.1, donde un usuario autorizado con la capacidad de insertar registros diseñados en una zona podría filtrar el contenido de la memoria no inicializada • https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html https://github.com/PowerDNS/pdns https://security.gentoo.org/glsa/202012-18 • CWE-908: Use of Uninitialized Resource •

CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0

In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. En PowerDNS Recursor versiones hasta 4.3.1, 4.2.2 y 4.1.16 incluyéndola, la ACL que restringe el acceso al servidor web interno no se aplica correctamente • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00043.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00044.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00036.html https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-04.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7TUNCUZNASYSTVD35QGFAI6XO2BFMQ2F https://www. • CWE-863: Incorrect Authorization •