Vulnerabilities > Powerdns > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-04 CVE-2023-26437 Unspecified vulnerability in PowerDNS Recursor
Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable. This issue affects Recursor: through 4.6.5, through 4.7.4, through 4.8.3.
network
low complexity
powerdns
5.3
2022-08-23 CVE-2022-37428 Incomplete Cleanup vulnerability in multiple products
PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.
network
low complexity
powerdns fedoraproject CWE-459
6.5
2020-10-02 CVE-2020-17482 Use of Uninitialized Resource vulnerability in PowerDNS Authoritative
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
network
low complexity
powerdns CWE-908
4.3
2020-07-01 CVE-2020-14196 Incorrect Authorization vulnerability in PowerDNS Recursor
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
network
low complexity
powerdns CWE-863
5.3
2019-11-22 CVE-2019-10203 Incorrect Conversion between Numeric Types vulnerability in PowerDNS Authoritative Server
The PowerDNS Authoritative daemon (pdns), versions 4.0.x before 4.0.9 and 4.1.x before 4.1.11, exits when it encounters a serial between 2^31 and 2^32-1 while trying to notify a slave, leading to DoS.
network
low complexity
powerdns CWE-681
4.3
2019-07-30 CVE-2019-10163 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages.
network
low complexity
powerdns opensuse CWE-770
4.3
2018-11-26 CVE-2018-14663 Improper Input Validation vulnerability in PowerDNS Dnsdist
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist.
network
high complexity
powerdns CWE-20
5.9
2018-11-09 CVE-2018-14644 Improper Input Validation vulnerability in PowerDNS Recursor
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4.
network
high complexity
powerdns CWE-20
5.9
2018-11-01 CVE-2016-2120 Integer Overflow or Wraparound vulnerability in multiple products
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record.
network
low complexity
powerdns debian CWE-190
6.5
2018-09-11 CVE-2016-7074 Improper Input Validation vulnerability in multiple products
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures.
network
high complexity
powerdns debian CWE-20
5.9