Vulnerabilities > Powerdns > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-30 | CVE-2019-10163 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. | 4.3 |
2019-07-30 | CVE-2019-10162 | Improper Authorization vulnerability in Powerdns Authoritative A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. | 5.0 |
2019-01-29 | CVE-2019-3807 | Improper Certificate Validation vulnerability in Powerdns Recursor An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation. | 6.4 |
2019-01-29 | CVE-2019-3806 | Unspecified vulnerability in Powerdns Recursor An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. network powerdns | 6.8 |
2018-12-03 | CVE-2018-16855 | Out-of-bounds Read vulnerability in Powerdns Recursor An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. | 5.0 |
2018-11-29 | CVE-2018-14626 | Unspecified vulnerability in Powerdns Authoritative and Recursor PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. | 5.0 |
2018-11-29 | CVE-2018-10851 | Missing Release of Resource after Effective Lifetime vulnerability in Powerdns Authoritative and Recursor PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. | 5.0 |
2018-11-26 | CVE-2018-14663 | Improper Input Validation vulnerability in Powerdns Dnsdist An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. | 4.3 |
2018-11-09 | CVE-2018-14644 | Improper Input Validation vulnerability in Powerdns Recursor An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. | 4.3 |
2018-11-01 | CVE-2016-2120 | Integer Overflow or Wraparound vulnerability in multiple products An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. | 4.0 |