Vulnerabilities > Powerdns > Dnsdist > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-26 | CVE-2018-14663 | Improper Input Validation vulnerability in Powerdns Dnsdist An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. | 4.3 |
2018-09-11 | CVE-2016-7069 | Improper Input Validation vulnerability in Powerdns Dnsdist An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. | 5.0 |
2017-08-22 | CVE-2017-7557 | Cross-Site Request Forgery (CSRF) vulnerability in Powerdns Dnsdist 1.1.0 dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. | 6.8 |