CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-27227
https://notcve.org/view.php?id=CVE-2022-27227
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. En PowerDNS Authoritative Server versiones anteriores a 4.4.3, versiones 4.5.x anteriores a 4.5.4 y versiones4.6.x anteriores a 4.6.1 y PowerDNS Recursor versiones anteriores a 4.4.8, versiones 4.5.x anteriores a 4.5.8 y versiones 4.6.x anteriores a 4.6.1, una comprobación insuficiente de una condición de fin de IXFR causa que las transferencias de zona incompletas sean manejadas como transferencias con éxito • http://www.openwall.com/lists/oss-security/2022/03/25/1 https://doc.powerdns.com/authoritative/security-advisories/index.html https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html https://docs.powerdns.com/recursor/security-advisories/index.html https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-01.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QKN56VWXUVFOYGUN75N5IRNK66OHTHT https://lists.fedoraproject.org&# •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2021-36754
https://notcve.org/view.php?id=CVE-2021-36754
PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception. PowerDNS Authoritative Server versiones 4.5.0 anteriores a 4.5.1, permite a cualquiera bloquear el proceso mediante el envío de una consulta específica (QTYPE 65535) que causa una excepción fuera de límites • http://www.openwall.com/lists/oss-security/2021/07/26/2 https://doc.powerdns.com/authoritative/security-advisories/index.html https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2021-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24698
https://notcve.org/view.php?id=CVE-2020-24698
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature. Se detectó un problema en PowerDNS Authoritative versiones hasta 4.3.0, cuando es usado --enable-experimental-gss-tsig. Un atacante remoto no autenticado podría causar una doble liberación, conllevando a un bloqueo o posiblemente una ejecución de código arbitraria. Mediante el envío de consultas diseñadas con una firma GSS-TSIG • https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24697
https://notcve.org/view.php?id=CVE-2020-24697
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. Se detectó un problema en PowerDNS Authoritative versiones hasta 4.3.0, cuando es usado --enable-experimental-gss-tsig. Un atacante no autenticado remoto puede causar una denegación de servicio mediante el envío de consultas diseñadas con una firma GSS-TSIG • https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-24696
https://notcve.org/view.php?id=CVE-2020-24696
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. Se detectó un problema en PowerDNS Authoritative versiones hasta 4.3.0, cuando es usado --enable-experimental-gss-tsig. Un atacante no autenticado remoto puede desencadenar una condición de carrera conllevando a un bloqueo, o posiblemente a una ejecución de código arbitraria, mediante el envío de consultas diseñadas con una firma GSS-TSIG • https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •