Vulnerabilities > Powerdns > Recursor > High

DATE CVE VULNERABILITY TITLE RISK
2018-11-29 CVE-2018-10851 Missing Release of Resource after Effective Lifetime vulnerability in Powerdns Authoritative and Recursor
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
network
low complexity
powerdns CWE-772
7.5
2018-09-11 CVE-2016-7068 Resource Exhaustion vulnerability in multiple products
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded.
network
low complexity
powerdns debian CWE-400
7.5
2018-07-27 CVE-2017-15120 NULL Pointer Dereference vulnerability in multiple products
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN.
network
low complexity
powerdns debian CWE-476
7.5