Vulnerabilities > Powerdns > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-07-30 CVE-2019-10163 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages.
network
low complexity
powerdns opensuse CWE-770
4.3
2019-07-30 CVE-2019-10162 Improper Authorization vulnerability in Powerdns Authoritative
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control.
network
low complexity
powerdns CWE-285
5.0
2019-01-29 CVE-2019-3807 Improper Certificate Validation vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
network
low complexity
powerdns CWE-295
6.4
2019-01-29 CVE-2019-3806 Unspecified vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
network
powerdns
6.8
2018-12-03 CVE-2018-16855 Out-of-bounds Read vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
network
low complexity
powerdns CWE-125
5.0
2018-11-29 CVE-2018-14626 Unspecified vulnerability in Powerdns Authoritative and Recursor
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
network
low complexity
powerdns
5.0
2018-11-29 CVE-2018-10851 Missing Release of Resource after Effective Lifetime vulnerability in Powerdns Authoritative and Recursor
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
network
low complexity
powerdns CWE-772
5.0
2018-11-26 CVE-2018-14663 Improper Input Validation vulnerability in Powerdns Dnsdist
An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist.
network
powerdns CWE-20
4.3
2018-11-09 CVE-2018-14644 Improper Input Validation vulnerability in Powerdns Recursor
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4.
network
powerdns CWE-20
4.3
2018-11-01 CVE-2016-2120 Integer Overflow or Wraparound vulnerability in multiple products
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record.
network
low complexity
powerdns debian CWE-190
4.0