Vulnerabilities > Powerdns > Authoritative > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-02 CVE-2020-17482 Use of Uninitialized Resource vulnerability in Powerdns Authoritative
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
network
low complexity
powerdns CWE-908
4.3
2019-07-30 CVE-2019-10163 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages.
network
low complexity
powerdns opensuse CWE-770
4.3
2018-11-01 CVE-2016-2120 Integer Overflow or Wraparound vulnerability in multiple products
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record.
network
low complexity
powerdns debian CWE-190
6.5
2018-09-11 CVE-2016-7074 Improper Input Validation vulnerability in multiple products
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures.
network
high complexity
powerdns debian CWE-20
5.9
2018-09-11 CVE-2016-7073 Improper Input Validation vulnerability in multiple products
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures.
network
high complexity
powerdns debian CWE-20
5.9