Lucene search
K

118 matches found

OSV
OSV
added 2018/09/11 1:29 p.m.21 views

CVE-2016-7073

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found...

5.9CVSS6.5AI score0.01233EPSS
Exploits0References3
OSV
OSV
added 2018/09/11 1:29 p.m.27 views

CVE-2016-7074

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leadi...

5.9CVSS6.5AI score0.01222EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2018/09/11 1:29 p.m.24 views

CVE-2016-7073

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found...

5.9CVSS6.6AI score0.01233EPSS
Exploits0References2
Prion
Prion
added 2018/09/11 1:29 p.m.22 views

Input validation

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leadi...

4.3CVSS6.7AI score0.01222EPSS
Exploits0References3Affected Software3
UbuntuCve
UbuntuCve
added 2018/09/11 1:29 p.m.33 views

CVE-2016-7074

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leadi...

5.9CVSS6.6AI score0.01222EPSS
Exploits0References2
Prion
Prion
added 2018/09/11 1:29 p.m.19 views

Input validation

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found...

4.3CVSS6.7AI score0.01233EPSS
Exploits0References3Affected Software3
OSV
OSV
added 2018/09/11 1:29 p.m.3 views

UBUNTU-CVE-2016-7074

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leadi...

5.9CVSS6.6AI score0.01222EPSS
Exploits0References3
CVE
CVE
added 2018/09/11 1:0 p.m.124 views

CVE-2016-7074

CVE-2016-7074 affects PowerDNS (authoritative server and recursor): insufficient TSIG validation allows MITM to alter AXFR content due to missing check that the TSIG record is last, enabling parsing of records outside the TSIG scope. Affected: PowerDNS versions before 3.4.11/4.0.2 and recursor be...

5.9CVSS6.2AI score0.01222EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2018/09/11 1:0 p.m.124 views

CVE-2016-7073

PowerDNS (authoritative server and recursor) prior to versions 3.4.11/4.0.2 and 4.0.4 respectively had a vulnerability CVE-2016-7073 where TSIG signatures were insufficiently validated during AXFR, due to a missing check of TSIG time and fudge values in AXFRRetriever. This allowed an attacker in ...

5.9CVSS6.1AI score0.01233EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2018/09/11 1:0 p.m.30 views

CVE-2016-7073

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found...

5.3CVSS6.2AI score0.01233EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/09/11 1:0 p.m.28 views

CVE-2016-7074

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leadi...

5.3CVSS6.3AI score0.01222EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/09/11 1:0 p.m.43 views

CVE-2016-7074

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leadi...

5.9CVSS6.2AI score0.01222EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/09/11 1:0 p.m.45 views

CVE-2016-7073

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found...

5.9CVSS6.3AI score0.01233EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2018/09/11 1:0 p.m.38 views

CVE-2016-7073

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found...

5.9CVSS6.4AI score0.01233EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2018/09/11 1:0 p.m.49 views

CVE-2016-7074

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leadi...

5.9CVSS6.5AI score0.01222EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 1:37 a.m.28 views

Security Bulletin: Vulnerabilities in ISC BIND affect PowerKVM

Summary PowerKVM is affected by vulnerabilities in ISC BIND. IBM has now addressed these vulnerabilities. Vulnerability Details CVEID: CVE-2017-3143 DESCRIPTION: ISC BIND could allow a remote attacker to bypass security restrictions, caused by an error when an attacker can send and receive messag...

7.5CVSS1.2AI score0.18157EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/12/26 12:0 a.m.46 views

F5 Networks BIG-IP : BIND vulnerability (K59448931)

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection wit...

5.3CVSS6.5AI score0.05356EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/11/16 12:0 a.m.31 views

Virtuozzo 7 : bind / bind-chroot / bind-devel / bind-libs / etc (VZLSA-2017-1680)

"An update for bind is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.5CVSS6.3AI score0.18157EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2017/09/19 12:0 a.m.32 views

Ubuntu 14.04 LTS / 16.04 LTS : Bind regression (USN-3346-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3346-2 advisory. USN-3346-1 fixed vulnerabilities in Bind. The fix for CVE-2017-3142 introduced a regression in the ability to receive an AXFR or IXFR in the case wher...

5.3CVSS6.5AI score0.05356EPSS
Exploits0References1
Kitploit
Kitploit
added 2017/09/18 9:0 p.m.96 views

dnsenum - Multithreaded perl script to enumerate DNS information

Multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks. OPERATIONS: Get the host’s addresse A record. Get the namservers threaded. Get the MX record threaded. Perform axfr queries on nameservers and get BIND VERSION threaded. Get extra names an...

7.8AI score
Exploits0References1
Rows per page
Query Builder