Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Powerdns Subscribe
Filtered by product Authoritative

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-17482 1 Powerdns 1 Authoritative 2022-01-01 4.0 MEDIUM 4.3 MEDIUM
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
CVE-2019-10163 2 Opensuse, Powerdns 2 Leap, Authoritative 2020-12-04 4.0 MEDIUM 4.3 MEDIUM
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.
CVE-2016-7073 2 Debian, Powerdns 3 Debian Linux, Authoritative, Recursor 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.
CVE-2016-7074 2 Debian, Powerdns 3 Debian Linux, Authoritative, Recursor 2019-10-09 4.3 MEDIUM 5.9 MEDIUM
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.
CVE-2016-2120 2 Debian, Powerdns 2 Debian Linux, Authoritative 2019-10-09 4.0 MEDIUM 6.5 MEDIUM
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.