Vulnerabilities > Powerdns > Dnsdist > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-11-26 CVE-2018-14663 Improper Input Validation vulnerability in Powerdns Dnsdist
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist.
network
powerdns CWE-20
4.3
2018-09-11 CVE-2016-7069 Improper Input Validation vulnerability in Powerdns Dnsdist
An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend.
network
low complexity
powerdns CWE-20
5.0
2017-08-22 CVE-2017-7557 Cross-Site Request Forgery (CSRF) vulnerability in Powerdns Dnsdist 1.1.0
dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack.
network
powerdns CWE-352
6.8