Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
recursor vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2023-26437
Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: up to and including 4.6.5, up to and including 4.7.4 , up to and including 4.8.3.
Powerdns Recursor
5.9
CVSSv3
CVE-2017-15094
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than of...
Powerdns Recursor
1 Article
8.1
CVSSv3
CVE-2019-3806
An issue has been found in PowerDNS Recursor versions after 4.1.3 prior to 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
Powerdns Recursor
5.9
CVSSv3
CVE-2018-14644
An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authori...
Powerdns Recursor
NA
CVE-2008-1637
PowerDNS Recursor prior to 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote malicious users to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external li...
Powerdns Recursor
9.8
CVSSv3
CVE-2019-3807
An issue has been found in PowerDNS Recursor versions 4.1.x prior to 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an malicious user to bypass DNSSEC validation.
Powerdns Recursor
5.3
CVSSv3
CVE-2020-14196
In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
Powerdns Recursor
8.8
CVSSv3
CVE-2020-10030
An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems wh...
Powerdns Recursor
NA
CVE-2015-5470
The label decompression functionality in PowerDNS Recursor prior to 3.6.4 and 3.7.x prior to 3.7.3 and Authoritative (Auth) Server prior to 3.3.3 and 3.4.x prior to 3.4.5 allows remote malicious users to cause a denial of service (CPU consumption or crash) via a request with a lo...
Powerdns Authoritative
Powerdns Authoritative 3.4.1
Powerdns Authoritative 3.4.2
Powerdns Authoritative 3.4.3
Powerdns Authoritative 3.4.4
Powerdns Authoritative 3.4.0
Powerdns Recursor
Powerdns Recursor 3.7.2
Powerdns Recursor 3.7.1
3.7
CVSSv3
CVE-2018-1000003
Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
Powerdns Recursor 4.1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »