Vulnerabilities > Powerdns > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-08-22 | CVE-2017-7557 | Cross-Site Request Forgery (CSRF) vulnerability in Powerdns Dnsdist 1.1.0 | dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. | 6.8 |
2016-09-21 | CVE-2016-5427 | Resource Management Errors vulnerability in Powerdns Authoritative | PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . | 5.0 |
2016-09-21 | CVE-2016-5426 | Resource Management Errors vulnerability in Powerdns Authoritative | PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. | 5.0 |
2015-11-17 | CVE-2015-5311 | Improper Input Validation vulnerability in Powerdns Authoritative 3.4.4/3.4.5/3.4.6 | PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. | 5.0 |
2014-12-10 | CVE-2014-8601 | Resource Management Errors vulnerability in multiple products | PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. | 5.0 |
2014-09-19 | CVE-2014-3614 | Remote Denial of Service vulnerability in Powerdns Recursor 3.6.0 | Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets. | 5.0 |
2012-02-17 | CVE-2012-1193 | Security Bypass vulnerability in Powerdns Recursor 3.3 | The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. | 6.4 |
2012-02-17 | CVE-2012-0206 | Resource Management Errors vulnerability in Powerdns Authoritative Server 2.9.22/3.0 | common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response. | 5.0 |
2008-12-09 | CVE-2008-5277 | Configuration vulnerability in Powerdns | PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query. | 4.3 |
2008-08-08 | CVE-2008-3337 | Improper Input Validation vulnerability in Powerdns Authoritative Server and Powerdns | PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217. | 6.4 |