Vulnerabilities > Powerdns > Authoritative

DATE CVE VULNERABILITY TITLE RISK
2018-09-11 CVE-2016-7074 Improper Input Validation vulnerability in multiple products
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures.
network
high complexity
powerdns debian CWE-20
5.9
2018-09-11 CVE-2016-7073 Improper Input Validation vulnerability in multiple products
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures.
network
high complexity
powerdns debian CWE-20
5.9
2018-09-11 CVE-2016-7068 Resource Exhaustion vulnerability in multiple products
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded.
network
low complexity
powerdns debian CWE-400
7.5
2018-09-10 CVE-2016-7072 Resource Exhaustion vulnerability in multiple products
An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server.
network
low complexity
powerdns debian CWE-400
7.5
2018-01-23 CVE-2017-15091 Improperly Implemented Security Check for Standard vulnerability in Powerdns Authoritative
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword.
network
low complexity
powerdns CWE-358
7.1
2016-09-21 CVE-2016-5427 Resource Management Errors vulnerability in Powerdns Authoritative
PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a .
network
low complexity
powerdns CWE-399
7.5
2016-09-21 CVE-2016-5426 Resource Management Errors vulnerability in Powerdns Authoritative
PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.
network
low complexity
powerdns CWE-399
7.5