Vulnerabilities > Powerdns > Authoritative > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-02 CVE-2020-24698 Double Free vulnerability in Powerdns Authoritative
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used.
network
powerdns CWE-415
6.8
2020-10-02 CVE-2020-24697 Unspecified vulnerability in Powerdns Authoritative
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used.
network
powerdns
4.3
2020-10-02 CVE-2020-24696 Race Condition vulnerability in Powerdns Authoritative
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used.
network
high complexity
powerdns CWE-362
5.1
2020-10-02 CVE-2020-17482 Use of Uninitialized Resource vulnerability in Powerdns Authoritative
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
network
low complexity
powerdns CWE-908
4.0
2020-01-15 CVE-2015-5230 Improper Input Validation vulnerability in multiple products
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.
network
low complexity
powerdns debian CWE-20
5.0
2019-07-30 CVE-2019-10163 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages.
network
low complexity
powerdns opensuse CWE-770
4.3
2019-07-30 CVE-2019-10162 Improper Authorization vulnerability in Powerdns Authoritative
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control.
network
low complexity
powerdns CWE-285
5.0
2018-11-29 CVE-2018-14626 Unspecified vulnerability in Powerdns Authoritative and Recursor
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
network
low complexity
powerdns
5.0
2018-11-29 CVE-2018-10851 Missing Release of Resource after Effective Lifetime vulnerability in Powerdns Authoritative and Recursor
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
network
low complexity
powerdns CWE-772
5.0
2018-11-01 CVE-2016-2120 Integer Overflow or Wraparound vulnerability in multiple products
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record.
network
low complexity
powerdns debian CWE-190
4.0