DeleGate proxy 5.9.3 and earlier creates files and directories in the DGROOT with world-writable permissions.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| delegate | delegate | * |
A cross-site scripting vulnerability exists in DeleGate 7.7.0 and 7.7.1, which does not quote scripting commands within a "403 Forbidden" error page. This allows remote attackers to execute arbitrary JavaScript on other clients via a URL that generates an error.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| delegate | delegate | 7.7.0 |
| delegate | delegate | 7.8.0 |
| delegate | delegate | 7.8.1 |
| delegate | delegate | 7.7.1 |
Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote attackers to execute arbitrary code, as demonstrated using a long USER command to the POP proxy.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| delegate | delegate | 7.7.0 |
| delegate | delegate | 7.8.0 |
| delegate | delegate | 7.8.1 |
| delegate | delegate | 7.7.1 |
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| team_johnlong | raidendnsd | * |
| pliant | pliant_dns_server | * |
| dnrd | dnrd | 2.9 |
| delegate | delegate | 8.3.4 |
| qbik | wingate | 6.0.1_build_993 |
| maradns | maradns | 0.8.05 |
| axis | 2110_network_camera | 2.32 |
| delegate | delegate | 8.4.0 |
| dnrd | dnrd | 1.2 |
| posadis | posadis | 0.50.5 |
| delegate | delegate | 8.9.4 |
| dnrd | dnrd | 1.0 |
| axis | 2100_network_camera | 2.01 |
| axis | 2120_network_camera | 2.12 |
| dnrd | dnrd | 2.0 |
| axis | 2401_video_server | 3.12 |
| axis | 2110_network_camera | 2.34 |
| axis | 2100_network_camera | 2.30 |
| delegate | delegate | 8.9.1 |
| axis | 2420_network_camera | 2.12 |
| axis | 2420_network_camera | 2.33 |
| axis | 2400_video_server | 3.12 |
| delegate | delegate | 7.8.2 |
| axis | 2110_network_camera | 2.40 |
| axis | 2100_network_camera | 2.34 |
| axis | 2420_network_camera | 2.30 |
| dnrd | dnrd | 2.8 |
| axis | 2110_network_camera | 2.31 |
| don_moore | mydns | 0.10.0 |
| qbik | wingate | 6.0 |
| maradns | maradns | 0.5.31 |
| axis | 2120_network_camera | 2.34 |
| qbik | wingate | 4.1_beta_a |
| posadis | posadis | 0.50.4 |
| delegate | delegate | 8.9.2 |
| axis | 2100_network_camera | 2.03 |
| axis | 2100_network_camera | 2.40 |
| dnrd | dnrd | 2.4 |
| dnrd | dnrd | 1.1 |
| axis | 2420_network_camera | 2.31 |
| axis | 2120_network_camera | 2.32 |
| dnrd | dnrd | 2.2 |
| posadis | posadis | 0.60.0 |
| maradns | maradns | 0.5.28 |
| dnrd | dnrd | 2.1 |
| delegate | delegate | 8.9.5 |
| delegate | delegate | 8.5.0 |
| axis | 2110_network_camera | 2.41 |
| posadis | posadis | 0.50.7 |
| posadis | posadis | 0.50.6 |
| delegate | delegate | 7.8.0 |
| qbik | wingate | 6.0.1_build_995 |
| delegate | delegate | 7.9.11 |
| delegate | delegate | 8.9.3 |
| dnrd | dnrd | 2.5 |
| posadis | posadis | 0.50.9 |
| dnrd | dnrd | 2.7 |
| posadis | posadis | 0.60.1 |
| axis | 2100_network_camera | 2.33 |
| axis | 2110_network_camera | 2.30 |
| delegate | delegate | 7.7.0 |
| don_moore | mydns | 0.6 |
| posadis | posadis | m5pre1 |
| dnrd | dnrd | 1.3 |
| axis | 2420_network_camera | 2.41 |
| axis | 2420_network_camera | 2.34 |
| don_moore | mydns | 0.9 |
| axis | 2100_network_camera | 2.32 |
| qbik | wingate | 3.0 |
| don_moore | mydns | 0.8 |
| axis | 2420_network_camera | 2.40 |
| axis | 2100_network_camera | 2.41 |
| maradns | maradns | 0.5.29 |
| axis | 2100_network_camera | 2.12 |
| axis | 2100_network_camera | 2.02 |
| axis | 2120_network_camera | 2.31 |
| dnrd | dnrd | 1.4 |
| maradns | maradns | 0.5.30 |
| axis | 2100_network_camera | 2.0 |
| dnrd | dnrd | 2.6 |
| delegate | delegate | 8.9 |
| axis | 2110_network_camera | 2.12 |
| don_moore | mydns | 0.7 |
| posadis | posadis | m5pre2 |
| axis | 2120_network_camera | 2.40 |
| axis | 2100_network_camera | 2.31 |
| axis | 2460_network_dvr | 3.12 |
| axis | 2120_network_camera | 2.30 |
| dnrd | dnrd | 2.10 |
| qbik | wingate | 4.0.1 |
| delegate | delegate | 7.8.1 |
| axis | 2400_video_server | 3.11 |
| delegate | delegate | 7.7.1 |
| axis | 2420_network_camera | 2.32 |
| axis | 2120_network_camera | 2.41 |
| delegate | delegate | 8.3.3 |
| posadis | posadis | 0.50.8 |
| dnrd | dnrd | 2.3 |
Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| delegate | delegate | 8.9 |
| delegate | delegate | 8.3.4 |
| delegate | delegate | 8.9.1 |
| delegate | delegate | 7.8.1 |
| delegate | delegate | 7.7.1 |
| delegate | delegate | 7.8.2 |
| delegate | delegate | 8.4.0 |
| delegate | delegate | 8.5.0 |
| delegate | delegate | 8.9.2 |
| delegate | delegate | 8.3.3 |
| delegate | delegate | 7.7.0 |
| delegate | delegate | 7.8.0 |
| delegate | delegate | 7.9.11 |
The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| delegate | delegate | 8.9 |
| delegate | delegate | 8.10 |
| delegate | delegate | 8.9.6 |
| delegate | delegate | 8.10.1 |
| delegate | delegate | 8.3.4 |
| delegate | delegate | 8.9.1 |
| delegate | delegate | 7.8.1 |
| delegate | delegate | 7.7.1 |
| etl | delegate | 5.9 |
| delegate | delegate | 7.8.2 |
| delegate | delegate | 8.4.0 |
| delegate | delegate | 8.9.5 |
| delegate | delegate | 8.5.0 |
| delegate | delegate | 8.9.2 |
| etl | delegate | 6.0 |
| delegate | delegate | 8.3.3 |
| delegate | delegate | 7.7.0 |
| delegate | delegate | 7.8.0 |
| delegate | delegate | * |
| delegate | delegate | 8.9.4 |
| delegate | delegate | 7.9.11 |
| delegate | delegate | 8.9.3 |
| delegate | delegate | 5.9.3 |
Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| delegate | delegate | * |
Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS response messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other
Products Affected
| Vendor | Product | Version |
|---|---|---|
| delegate | delegate | 8.11 |
| delegate | delegate | 8.9 |
| delegate | delegate | 8.11.5 |
| delegate | delegate | 8.10.2 |
| delegate | delegate | 8.10.6 |
| delegate | delegate | 8.3.4 |
| delegate | delegate | 8.11.4 |
| delegate | delegate | 8.11.3 |
| delegate | delegate | 8.10.5 |
| delegate | delegate | 8.4.0 |
| delegate | delegate | 8.9.2 |
| delegate | delegate | 9.0.5 |
| delegate | delegate | 7.7.0 |
| delegate | delegate | 8.9.4 |
| delegate | delegate | 8.11.1 |
| delegate | delegate | 9.0.2 |
| delegate | delegate | 8.10 |
| delegate | delegate | 9.0.1 |
| delegate | delegate | 9.0.3 |
| delegate | delegate | 8.9.6 |
| delegate | delegate | 8.10.1 |
| delegate | delegate | 8.9.1 |
| delegate | delegate | 7.8.1 |
| delegate | delegate | 7.7.1 |
| delegate | delegate | 8.10.4 |
| delegate | delegate | 9.0.4 |
| delegate | delegate | 8.10.3 |
| delegate | delegate | 7.8.2 |
| delegate | delegate | 8.9.5 |
| delegate | delegate | 8.5.0 |
| delegate | delegate | 8.3.3 |
| delegate | delegate | 7.8.0 |
| delegate | delegate | 8.11.2 |
| delegate | delegate | 9.0 |
| delegate | delegate | 7.9.11 |
| delegate | delegate | 8.9.3 |
DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-269
Products Affected
| Vendor | Product | Version |
|---|---|---|
| delegate | delegate | 9.9.13 |