Total
50 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1868 | 2 Fedoraproject, Powerdns | 3 Fedora, Authoritative, Recursor | 2026-05-06 | 7.8 HIGH | N/A |
| The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. | |||||
| CVE-2014-8601 | 2 Debian, Powerdns | 2 Debian Linux, Recursor | 2026-05-06 | 5.0 MEDIUM | N/A |
| PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. | |||||
| CVE-2015-5470 | 1 Powerdns | 2 Authoritative, Recursor | 2026-05-06 | 7.8 HIGH | N/A |
| The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. | |||||
| CVE-2026-33256 | 1 Powerdns | 1 Recursor | 2026-04-27 | N/A | 5.3 MEDIUM |
| An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | |||||
| CVE-2026-33257 | 1 Powerdns | 3 Authoritative, Dnsdist, Recursor | 2026-04-27 | N/A | 5.3 MEDIUM |
| An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | |||||
| CVE-2026-33258 | 1 Powerdns | 1 Recursor | 2026-04-27 | N/A | 5.3 MEDIUM |
| By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches. | |||||
| CVE-2026-33259 | 1 Powerdns | 1 Recursor | 2026-04-27 | N/A | 5.0 MEDIUM |
| Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider. | |||||
| CVE-2026-33260 | 1 Powerdns | 3 Authoritative, Dnsdist, Recursor | 2026-04-27 | N/A | 5.3 MEDIUM |
| An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | |||||
| CVE-2026-33261 | 1 Powerdns | 1 Recursor | 2026-04-27 | N/A | 5.9 MEDIUM |
| A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service. | |||||
| CVE-2026-33262 | 1 Powerdns | 1 Recursor | 2026-04-27 | N/A | 5.9 MEDIUM |
| An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default. | |||||
| CVE-2026-33600 | 1 Powerdns | 1 Recursor | 2026-04-27 | N/A | 4.4 MEDIUM |
| An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. | |||||
| CVE-2026-33601 | 1 Powerdns | 1 Recursor | 2026-04-27 | N/A | 4.4 MEDIUM |
| If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. | |||||
| CVE-2008-1637 | 1 Powerdns | 1 Recursor | 2026-04-23 | 6.8 MEDIUM | N/A |
| PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information. | |||||
| CVE-2008-3217 | 1 Powerdns | 1 Recursor | 2026-04-23 | 6.8 MEDIUM | N/A |
| PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier for remote attack vectors to conduct DNS cache poisoning. NOTE: this is related to incomplete integration of security improvements associated with addressing CVE-2008-1637. | |||||
| CVE-2006-4252 | 1 Powerdns | 1 Recursor | 2026-04-23 | 5.0 MEDIUM | N/A |
| PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop. | |||||
| CVE-2009-4009 | 1 Powerdns | 1 Recursor | 2026-04-23 | 10.0 HIGH | N/A |
| Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted packets. | |||||
| CVE-2009-4010 | 1 Powerdns | 1 Recursor | 2026-04-23 | 7.5 HIGH | N/A |
| Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones. | |||||
| CVE-2006-4251 | 1 Powerdns | 1 Recursor | 2026-04-23 | 7.5 HIGH | N/A |
| Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length. | |||||
| CVE-2025-59024 | 1 Powerdns | 1 Recursor | 2026-04-20 | N/A | 6.5 MEDIUM |
| Crafted delegations or IP fragments can poison cached delegations in Recursor. | |||||
| CVE-2025-59023 | 1 Powerdns | 1 Recursor | 2026-04-20 | N/A | 8.2 HIGH |
| Crafted delegations or IP fragments can poison cached delegations in Recursor. | |||||