Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
powerdns recursor vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-15092
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote malicious user to inject HTML and Javascript code into the web interfac...
Powerdns Recursor
1 Article
5.3
CVSSv3
CVE-2017-15093
When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to conf...
Powerdns Recursor
1 Article
5.9
CVSSv3
CVE-2017-15094
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than of...
Powerdns Recursor
1 Article
7.5
CVSSv3
CVE-2023-22617
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.
Powerdns Recursor 4.8.0
3.7
CVSSv3
CVE-2018-1000003
Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
Powerdns Recursor 4.1.0
7.5
CVSSv3
CVE-2016-7068
An issue has been found in PowerDNS prior to 3.4.11 and 4.0.2, and PowerDNS recursor prior to 3.7.4 and 4.0.4, allowing a remote, unauthenticated malicious user to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a part...
Powerdns Authoritative
Powerdns Recursor
Debian Debian Linux 8.0
5.9
CVSSv3
CVE-2016-7073
An issue has been found in PowerDNS prior to 3.4.11 and 4.0.2, and PowerDNS recursor prior to 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and f...
Powerdns Recursor
Powerdns Authoritative
Debian Debian Linux 8.0
5.9
CVSSv3
CVE-2016-7074
An issue has been found in PowerDNS prior to 3.4.11 and 4.0.2, and PowerDNS recursor prior to 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record i...
Powerdns Authoritative
Powerdns Recursor
Debian Debian Linux 8.0
6.5
CVSSv3
CVE-2022-37428
PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.
Powerdns Recursor
Fedoraproject Fedora 36
NA
CVE-2014-8601
PowerDNS Recursor prior to 3.6.2 does not limit delegation chaining, which allows remote malicious users to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.
Debian Debian Linux 7.0
Powerdns Recursor
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »