Vulnerabilities > Powerdns > High

DATE CVE VULNERABILITY TITLE RISK
2020-01-15 CVE-2015-5230 Improper Input Validation vulnerability in multiple products
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.
network
low complexity
powerdns debian CWE-20
7.5
2019-07-30 CVE-2019-10162 A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control.
network
low complexity
powerdns opensuse
7.5
2019-03-21 CVE-2019-3871 Improper Input Validation vulnerability in multiple products
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7.
network
low complexity
powerdns fedoraproject CWE-20
8.8
2019-01-29 CVE-2019-3806 Unspecified vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
network
high complexity
powerdns
8.1
2018-12-03 CVE-2018-16855 Out-of-bounds Read vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
network
low complexity
powerdns CWE-125
7.5
2018-11-29 CVE-2018-14626 Unspecified vulnerability in Powerdns Authoritative and Recursor
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
network
low complexity
powerdns
7.5
2018-11-29 CVE-2018-10851 Missing Release of Resource after Effective Lifetime vulnerability in Powerdns Authoritative and Recursor
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
network
low complexity
powerdns CWE-772
7.5
2018-09-11 CVE-2016-7069 Improper Input Validation vulnerability in Powerdns Dnsdist 1.2.0
An issue has been found in dnsdist before 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend.
network
low complexity
powerdns CWE-20
7.5
2018-09-11 CVE-2016-7068 Resource Exhaustion vulnerability in multiple products
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded.
network
low complexity
powerdns debian CWE-400
7.5
2018-09-10 CVE-2016-7072 Resource Exhaustion vulnerability in multiple products
An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server.
network
low complexity
powerdns debian CWE-400
7.5