Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
powerdns vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-14196
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
Powerdns Recursor
6.8
CVSSv2
CVE-2020-24698
An issue exists in PowerDNS Authoritative up to and including 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS...
Powerdns Authoritative
6.8
CVSSv2
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 prior to 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
Powerdns Recursor
6.4
CVSSv2
CVE-2019-3807
An issue has been found in PowerDNS Recursor versions 4.1.x prior to 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an malicious user to bypass DNSSEC validation.
Powerdns Recursor
4.3
CVSSv2
CVE-2018-14644
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authori...
Powerdns Recursor
5
CVSSv2
CVE-2018-16855
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
Powerdns Recursor
6.5
CVSSv2
CVE-2020-10030
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems wh...
Powerdns Recursor
4.3
CVSSv2
CVE-2022-27227
In PowerDNS Authoritative Server prior to 4.4.3, 4.5.x prior to 4.5.4, and 4.6.x prior to 4.6.1 and PowerDNS Recursor prior to 4.4.8, 4.5.x prior to 4.5.8, and 4.6.x prior to 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as...
Powerdns Recursor
Powerdns Authoritative Server
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
4
CVSSv2
CVE-2019-10163
A Vulnerability has been found in PowerDNS Authoritative Server prior to 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers co...
Powerdns Authoritative 4.1.0
Powerdns Authoritative
Opensuse Leap 15.0
Opensuse Leap 15.1
Opensuse Backports Sle-15
5
CVSSv2
CVE-2021-36754
PowerDNS Authoritative Server 4.5.0 prior to 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.
Powerdns Authoritative Server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »