Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
powerdns vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2016-5426
PowerDNS (aka pdns) Authoritative Server prior to 3.4.10 allows remote malicious users to cause a denial of service (backend CPU consumption) via a long qname.
Powerdns Authoritative
4.3
CVSSv2
CVE-2020-24697
An issue exists in PowerDNS Authoritative up to and including 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.
Powerdns Authoritative
5
CVSSv2
CVE-2016-7069
An issue has been found in dnsdist prior to 1.2.0 in the way EDNS0 OPT records are handled when parsing responses from a backend. When dnsdist is configured to add EDNS Client Subnet to a query, the response may contain an EDNS0 OPT record that has to be removed before forwarding...
Powerdns Dnsdist
5
CVSSv2
CVE-2018-16855
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
Powerdns Recursor
3.5
CVSSv2
CVE-2017-15093
When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to conf...
Powerdns Recursor
1 Article
4.3
CVSSv2
CVE-2017-15094
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than of...
Powerdns Recursor
1 Article
4.3
CVSSv2
CVE-2018-14663
An issue has been found in PowerDNS DNSDist prior to 1.3.3 allowing a remote malicious user to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smu...
Powerdns Dnsdist
NA
CVE-2023-26437
Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: up to and including 4.6.5, up to and including 4.7.4 , up to and including 4.8.3.
Powerdns Recursor
4.3
CVSSv2
CVE-2020-14196
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
Powerdns Recursor
4
CVSSv2
CVE-2020-17482
An issue has been found in PowerDNS Authoritative Server prior to 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
Powerdns Authoritative
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »