FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
b371db92-fe34-11ea-b90e-6805ca2fa271powerdns -- Leaking uninitialised memory through crafted zone records

PowerDNS Team reports

CVE-2020-17482: An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be inserted via AXFR.


Discovery 2020-09-22
Entry 2020-09-24
powerdns
ge 4.3.0 lt 4.3.1

ge 4.2.0 lt 4.2.3

ge 4.1.0 lt 4.1.14

https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
CVE-2020-17482
61d89849-43cb-11eb-aba5-00a09858faf5powerdns -- Various issues in GSS-TSIG support

PowerDNS developers report:

A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.

A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.

A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution by sending crafted queries with a GSS-TSIG signature.


Discovery 2020-08-27
Entry 2020-12-21
powerdns
< 4.4.0

CVE-2020-24696
CVE-2020-24697
CVE-2020-24698
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html