FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

61d89849-43cb-11eb-aba5-00a09858faf5    powerdns -- Various issues in GSS-TSIG support

PowerDNS developers report:

A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.

A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.

A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution by sending crafted queries with a GSS-TSIG signature.


Discovery 2020-08-27
Entry 2020-12-21
powerdns < 4.4.0

CVE-2020-24696
CVE-2020-24697
CVE-2020-24698
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html

1c21f6a3-9415-11e9-95ec-6805ca2fa271    powerdns -- multiple vulnerabilities

PowerDNS Team reports:

CVE-2019-10162: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.

CVE-2019-10163: An issue has been found in PowerDNS Authoritative Server allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.


Discovery 2019-06-21
Entry 2019-06-21
powerdns < 4.1.10

https://doc.powerdns.com/authoritative/changelog/4.1.html#change-4.1.10
CVE-2019-10162
CVE-2019-10163

b371db92-fe34-11ea-b90e-6805ca2fa271    powerdns -- Leaking uninitialised memory through crafted zone records

PowerDNS Team reports:

CVE-2020-17482: An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be inserted via AXFR.


Discovery 2020-09-22
Entry 2020-09-24
powerdns >= 4.3.0, < 4.3.1
powerdns >= 4.2.0, < 4.2.3
powerdns >= 4.1.0, < 4.1.14

https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
CVE-2020-17482

6001cfc6-9f0f-4fae-9b4f-9b8fae001425    PowerDNS -- Insufficient validation in the HTTP remote backend

PowerDNS developers report:

An issue has been found in PowerDNS Authoritative Server when the HTTP remote backend is used in RESTful mode (without post=1 set), allowing a remote user to cause the HTTP backend to connect to an attacker-specified host instead of the configured one, via a crafted DNS query. This can be used to cause a denial of service by preventing the remote backend from getting a response, content spoofing if the attacker can time its own query so that subsequent queries will use an attacker-controlled HTTP server instead of the configured one, and possibly information disclosure if the Authoritative Server has access to internal servers.


Discovery 2019-03-18
Entry 2019-03-19
powerdns < 4.1.7

https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-03.html
CVE-2019-3871