Vulnerabilities > Powerdns > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-04 | CVE-2023-26437 | Unspecified vulnerability in Powerdns Recursor Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3. | 5.3 |
| 2022-08-23 | CVE-2022-37428 | Incomplete Cleanup vulnerability in multiple products PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. | 6.5 |
| 2020-10-02 | CVE-2020-17482 | Use of Uninitialized Resource vulnerability in Powerdns Authoritative An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. | 4.3 |
| 2020-07-01 | CVE-2020-14196 | Incorrect Authorization vulnerability in Powerdns Recursor In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. | 5.3 |
| 2019-11-22 | CVE-2019-10203 | Incorrect Conversion between Numeric Types vulnerability in Powerdns Authoritative Server PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS. | 4.3 |
| 2019-07-30 | CVE-2019-10163 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. | 4.3 |
| 2018-11-26 | CVE-2018-14663 | Improper Input Validation vulnerability in Powerdns Dnsdist An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. | 5.9 |
| 2018-11-09 | CVE-2018-14644 | Improper Input Validation vulnerability in Powerdns Recursor An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. | 5.9 |
| 2018-11-01 | CVE-2016-2120 | Integer Overflow or Wraparound vulnerability in multiple products An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. | 6.5 |
| 2018-09-11 | CVE-2016-7074 | Improper Input Validation vulnerability in multiple products An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. | 5.9 |