Vulnerabilities > Powerdns

DATE CVE VULNERABILITY TITLE RISK
2020-10-16 CVE-2020-25829 An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5.
network
low complexity
powerdns opensuse
5.0
2020-10-02 CVE-2020-24698 Double Free vulnerability in Powerdns Authoritative
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used.
network
powerdns CWE-415
6.8
2020-10-02 CVE-2020-24697 Unspecified vulnerability in Powerdns Authoritative
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used.
network
powerdns
4.3
2020-10-02 CVE-2020-24696 Race Condition vulnerability in Powerdns Authoritative
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used.
network
high complexity
powerdns CWE-362
5.1
2020-10-02 CVE-2020-17482 Information Exposure vulnerability in Powerdns Authoritative
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
network
low complexity
powerdns CWE-200
4.0
2020-07-01 CVE-2020-14196 Incorrect Authorization vulnerability in Powerdns Recursor
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
network
powerdns CWE-863
4.3
2020-05-19 CVE-2020-10995 Uncontrolled Recursion vulnerability in Powerdns Recursor
PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks.
network
low complexity
powerdns CWE-674
5.0
2020-05-19 CVE-2020-10030 Out-Of-Bounds Read vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0.
network
low complexity
powerdns CWE-125
6.5
2020-05-19 CVE-2020-12244 Improper Input Validation vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.
network
low complexity
powerdns CWE-20
5.0
2020-01-15 CVE-2015-5230 Improper Input Validation vulnerability in multiple products
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.
network
low complexity
powerdns debian CWE-20
5.0