13 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

02 Oct 2020 — An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature. Se detectó un problema en PowerDNS Authoritative versiones hasta 4.3.0, cuando es usado --enable-experimental-gss-tsig. Un atacante remoto no autenticado podría causar una doble liberación, conllevando a un bloqueo... • https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html • CWE-415: Double Free •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

02 Oct 2020 — An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. Se detectó un problema en PowerDNS Authoritative versiones hasta 4.3.0, cuando es usado --enable-experimental-gss-tsig. Un atacante no autenticado remoto puede causar una denegación de servicio mediante el envío de consultas diseñadas con una firma GSS-TSIG • https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

02 Oct 2020 — An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. Se detectó un problema en PowerDNS Authoritative versiones hasta 4.3.0, cuando es usado --enable-experimental-gss-tsig. Un atacante no autenticado remoto puede desencadenar una condición de carrera conllevando a un bloqueo... • https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

02 Oct 2020 — An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Se ha encontrado un problema en PowerDNS Authoritative Server versiones anteriores a 4.3.1, donde un usuario autorizado con la capacidad de insertar registros diseñados en una zona podría filtrar el contenido de la memoria no inicializada Wei Hao discovered that PowerDNS Authoritative Server incorrectl... • https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html • CWE-908: Use of Uninitialized Resource •

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

23 Jun 2019 — A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify. Se ha detectado una vulnerabilidad en Authoritative Server de PowerDNS anterior a versiones 4.1.10, 4.0.... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

23 Jun 2019 — A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. Se ha detectado una vulnerabilidad en Authoritative Server de PowerDNS anterior a versiones 4.1.9, 4.0.8, que permite a un servidor maestro autorizado y remoto causar una alta ca... • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

29 Nov 2018 — PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. PowerDNS Authoritative Server desde la versión 3.3.0 hasta la 4.1.4 excluyendo las versiones 4.1.5 y 4.0.6, y PowerDNS Recursor desde la versión 3.2 hasta la 4.1.4 excluyendo las versiones 4.1.5 y 4.0.9, son vulnerables a una fuga de memoria cuando se analizan regi... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851 • CWE-400: Uncontrolled Resource Consumption CWE-772: Missing Release of Resource after Effective Lifetime •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

23 Jan 2018 — An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY. Se ha descubierto un problema en el componente API de PowerDNS Authoritative 4... • http://www.securityfocus.com/bid/101982 • CWE-358: Improperly Implemented Security Check for Standard CWE-863: Incorrect Authorization •

CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0

15 Jan 2017 — An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack. Se ha descubierto un problema en PowerDNS en versiones anteriores a la 3.4.11 y 4.0.2, y PowerDNS recursor en versiones anteriores a la 4.0.4, lo que permite q... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073 • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

15 Jan 2017 — An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary. Se ha encontrado un problema en PowerDNS Authoritative Server en versiones hast... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2120 • CWE-190: Integer Overflow or Wraparound •