Authoritative Security Vulnerabilities and Issues — Authoritative CVE List

Lucene search

PowerdnsAuthoritative

8 matches found

CVE•added 2018/09/11 1:29 p.m.•223 views

CVE-2016-7068

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the ...

7.8CVSS7AI score0.00089EPSS

CVE•added 2018/01/23 3:29 p.m.•207 views

CVE-2017-15091

An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly k...

7.1CVSS6.7AI score0.00003EPSS

CVE•added 2018/11/29 6:29 p.m.•173 views

CVE-2018-10851

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.

7.5CVSS7.3AI score0.00093EPSS

CVE•added 2018/09/11 1:29 p.m.•107 views

CVE-2016-7073

An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found i...

5.9CVSS6.1AI score0.00007EPSS

CVE•added 2018/11/29 6:29 p.m.•104 views

CVE-2018-14626

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.

7.5CVSS7.2AI score0.00132EPSS

CVE•added 2018/09/11 1:29 p.m.•103 views

CVE-2016-7074

5.9CVSS6.2AI score0.00004EPSS

CVE•added 2018/11/01 1:29 p.m.•101 views

CVE-2016-2120

An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow...

7.5CVSS6.7AI score0.00131EPSS

CVE•added 2018/09/10 5:29 p.m.•94 views

CVE-2016-7072

An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and term...

7.5CVSS7.2AI score0.0003EPSS