Vulnerabilities > Powerdns
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-02 | CVE-2020-17482 | Use of Uninitialized Resource vulnerability in Powerdns Authoritative An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. | 4.3 |
| 2020-07-01 | CVE-2020-14196 | Incorrect Authorization vulnerability in Powerdns Recursor In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. | 5.3 |
| 2020-05-19 | CVE-2020-10995 | Resource Exhaustion vulnerability in multiple products PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. | 7.5 |
| 2020-05-19 | CVE-2020-10030 | Out-of-bounds Read vulnerability in Powerdns Recursor An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. | 8.8 |
| 2020-05-19 | CVE-2020-12244 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. | 7.5 |
| 2020-01-15 | CVE-2015-5230 | Improper Input Validation vulnerability in multiple products The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. | 7.5 |
| 2019-11-22 | CVE-2019-10203 | Incorrect Conversion between Numeric Types vulnerability in Powerdns Authoritative Server PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS. | 4.3 |
| 2019-07-30 | CVE-2019-10163 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. | 4.3 |
| 2019-07-30 | CVE-2019-10162 | A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. | 7.5 |
| 2019-03-21 | CVE-2019-3871 | Improper Input Validation vulnerability in multiple products A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. | 8.8 |