FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-18 00:09:58 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
61d89849-43cb-11eb-aba5-00a09858faf5	powerdns -- Various issues in GSS-TSIG support PowerDNS developers report: A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution by sending crafted queries with a GSS-TSIG signature. Discovery 2020-08-27 Entry 2020-12-21 powerdns < 4.4.0 CVE-2020-24696 CVE-2020-24697 CVE-2020-24698 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html
b371db92-fe34-11ea-b90e-6805ca2fa271	powerdns -- Leaking uninitialised memory through crafted zone records PowerDNS Team reports CVE-2020-17482: An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be inserted via AXFR. Discovery 2020-09-22 Entry 2020-09-24 powerdns >= 4.3.0 lt 4.3.1 >= 4.2.0 lt 4.2.3 >= 4.1.0 lt 4.1.14 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html CVE-2020-17482

VuXML ID

Description

61d89849-43cb-11eb-aba5-00a09858faf5

powerdns -- Various issues in GSS-TSIG support

PowerDNS developers report:

A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.

A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.

A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution by sending crafted queries with a GSS-TSIG signature.

Discovery 2020-08-27
Entry 2020-12-21
powerdns

< 4.4.0

CVE-2020-24696
CVE-2020-24697
CVE-2020-24698
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html

b371db92-fe34-11ea-b90e-6805ca2fa271

powerdns -- Leaking uninitialised memory through crafted zone records

PowerDNS Team reports

CVE-2020-17482: An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. Such a user could be a customer inserting data via a control panel, or somebody with access to the REST API. Crafted records cannot be inserted via AXFR.

Discovery 2020-09-22
Entry 2020-09-24
powerdns

>= 4.3.0 lt 4.3.1

>= 4.2.0 lt 4.2.3

>= 4.1.0 lt 4.1.14

https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
CVE-2020-17482