Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
powerdns pdns vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-26437
Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: up to and including 4.6.5, up to and including 4.7.4 , up to and including 4.8.3.
Powerdns Recursor
NA
CVE-2008-1637
PowerDNS Recursor prior to 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote malicious users to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external li...
Powerdns Recursor
6.8
CVSSv3
CVE-2016-6172
PowerDNS (aka pdns) Authoritative Server prior to 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Powerdns Authoritative Server
8.8
CVSSv3
CVE-2019-3871
A vulnerability was found in PowerDNS Authoritative Server prior to 4.0.7 and prior to 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denia...
Powerdns Authoritative Server
Fedoraproject Fedora 28
Fedoraproject Fedora 29
7.5
CVSSv3
CVE-2017-15120
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor prior to 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a den...
Powerdns Recursor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 Github repository
NA
CVE-2014-8601
PowerDNS Recursor prior to 3.6.2 does not limit delegation chaining, which allows remote malicious users to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.
Debian Debian Linux 7.0
Powerdns Recursor
4.3
CVSSv3
CVE-2019-10203
PowerDNS Authoritative daemon , pdns versions 4.0.x prior to 4.0.9, 4.1.x prior to 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
Powerdns Authoritative Server
7.5
CVSSv3
CVE-2020-12244
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an malicious user to bypass DNSSEC validation.
Powerdns Recursor
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
7.5
CVSSv3
CVE-2020-25829
An issue has been found in PowerDNS Recursor prior to 4.1.18, 4.2.x prior to 4.2.5, and 4.3.x prior to 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS...
Powerdns Recursor
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Opensuse Leap 15.2
7.5
CVSSv3
CVE-2015-5230
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x prior to 3.4.6 allows remote malicious users to cause a denial of service (crash) via crafted query packets.
Powerdns Authoritative
Debian Debian Linux 8.0
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »