Vulnerabilities > Powerdns > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-08-23 CVE-2022-37428 Incomplete Cleanup vulnerability in multiple products
PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.
network
low complexity
powerdns fedoraproject CWE-459
6.5
2021-07-30 CVE-2021-36754 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Powerdns Authoritative Server
PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.
network
low complexity
powerdns CWE-119
5.0
2020-10-16 CVE-2020-25829 An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5.
network
low complexity
powerdns opensuse
5.0
2020-10-02 CVE-2020-24698 Double Free vulnerability in Powerdns Authoritative
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used.
network
powerdns CWE-415
6.8
2020-10-02 CVE-2020-24697 Unspecified vulnerability in Powerdns Authoritative
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used.
network
powerdns
4.3
2020-10-02 CVE-2020-24696 Race Condition vulnerability in Powerdns Authoritative
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used.
network
high complexity
powerdns CWE-362
5.1
2020-10-02 CVE-2020-17482 Use of Uninitialized Resource vulnerability in Powerdns Authoritative
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
network
low complexity
powerdns CWE-908
4.0
2020-07-01 CVE-2020-14196 Incorrect Authorization vulnerability in Powerdns Recursor
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
network
low complexity
powerdns CWE-863
5.3
2020-01-15 CVE-2015-5230 Improper Input Validation vulnerability in multiple products
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.
network
low complexity
powerdns debian CWE-20
5.0
2019-11-22 CVE-2019-10203 Incorrect Conversion between Numeric Types vulnerability in Powerdns Authoritative Server
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
network
low complexity
powerdns CWE-681
4.3