Vulnerabilities > Powerdns
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-25829 | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. | 5.0 |
| 2020-10-02 | CVE-2020-24698 | Double Free vulnerability in Powerdns Authoritative An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. | 6.8 |
| 2020-10-02 | CVE-2020-24697 | Unspecified vulnerability in Powerdns Authoritative An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. network powerdns | 4.3 |
| 2020-10-02 | CVE-2020-24696 | Race Condition vulnerability in Powerdns Authoritative An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. | 5.1 |
| 2020-10-02 | CVE-2020-17482 | Information Exposure vulnerability in Powerdns Authoritative An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. | 4.0 |
| 2020-07-01 | CVE-2020-14196 | Incorrect Authorization vulnerability in Powerdns Recursor In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. | 4.3 |
| 2020-05-19 | CVE-2020-10995 | Uncontrolled Recursion vulnerability in Powerdns Recursor PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. | 5.0 |
| 2020-05-19 | CVE-2020-10030 | Out-Of-Bounds Read vulnerability in Powerdns Recursor An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. | 6.5 |
| 2020-05-19 | CVE-2020-12244 | Improper Input Validation vulnerability in Powerdns Recursor An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. | 5.0 |
| 2020-01-15 | CVE-2015-5230 | Improper Input Validation vulnerability in multiple products The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. | 5.0 |