Vulnerabilities > Powerdns > Recursor > 4.0.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-25 | CVE-2022-27227 | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. | 7.5 |
| 2020-10-16 | CVE-2020-25829 | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. | 5.0 |
| 2020-07-01 | CVE-2020-14196 | Incorrect Authorization vulnerability in Powerdns Recursor In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. | 5.3 |
| 2018-12-03 | CVE-2018-16855 | Out-of-bounds Read vulnerability in Powerdns Recursor An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. | 5.0 |
| 2018-11-29 | CVE-2018-14626 | Unspecified vulnerability in Powerdns Authoritative and Recursor PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. | 5.0 |
| 2018-11-29 | CVE-2018-10851 | Missing Release of Resource after Effective Lifetime vulnerability in Powerdns Authoritative and Recursor PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. | 5.0 |
| 2018-11-09 | CVE-2018-14644 | Improper Input Validation vulnerability in Powerdns Recursor An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. | 4.3 |
| 2018-07-27 | CVE-2017-15120 | NULL Pointer Dereference vulnerability in multiple products An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. | 5.0 |
| 2018-01-23 | CVE-2017-15094 | Missing Release of Resource after Effective Lifetime vulnerability in Powerdns Recursor An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. | 4.3 |
| 2018-01-23 | CVE-2017-15093 | Improper Input Validation vulnerability in Powerdns Recursor When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. | 3.5 |