Filtered by vendor Powerdns
Subscribe
Total
106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-41999 | 1 Powerdns | 1 Authoritative | 2026-05-26 | N/A | 4.8 MEDIUM |
| Incorrect Behaviour of Views with TCP PROXY Requests | |||||
| CVE-2026-42000 | 1 Powerdns | 1 Authoritative | 2026-05-26 | N/A | 6.8 MEDIUM |
| Insufficient Validation of Names During AXFR | |||||
| CVE-2026-42001 | 1 Powerdns | 1 Authoritative | 2026-05-26 | N/A | 7.5 HIGH |
| Insufficient Validation of Autoprimary SOA Queries | |||||
| CVE-2026-42002 | 1 Powerdns | 1 Authoritative | 2026-05-26 | N/A | 5.9 MEDIUM |
| Concurrency and locking defects in GSS-TSIG | |||||
| CVE-2026-42396 | 1 Powerdns | 1 Authoritative | 2026-05-26 | N/A | 4.9 MEDIUM |
| Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail | |||||
| CVE-2017-7557 | 1 Powerdns | 1 Dnsdist | 2026-05-13 | 6.8 MEDIUM | 8.8 HIGH |
| dnsdist version 1.1.0 is vulnerable to a flaw in authentication mechanism for REST API potentially allowing CSRF attack. | |||||
| CVE-2026-33611 | 1 Powerdns | 1 Authoritative | 2026-05-12 | N/A | 6.5 MEDIUM |
| An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend. | |||||
| CVE-2016-5427 | 1 Powerdns | 1 Authoritative | 2026-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query. | |||||
| CVE-2015-1868 | 2 Fedoraproject, Powerdns | 3 Fedora, Authoritative, Recursor | 2026-05-06 | 7.8 HIGH | N/A |
| The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. | |||||
| CVE-2015-5311 | 1 Powerdns | 1 Authoritative | 2026-05-06 | 5.0 MEDIUM | N/A |
| PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. | |||||
| CVE-2016-5426 | 1 Powerdns | 1 Authoritative | 2026-05-06 | 5.0 MEDIUM | 7.5 HIGH |
| PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. | |||||
| CVE-2014-8601 | 2 Debian, Powerdns | 2 Debian Linux, Recursor | 2026-05-06 | 5.0 MEDIUM | N/A |
| PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. | |||||
| CVE-2016-6172 | 2 Opensuse, Powerdns | 3 Leap, Opensuse, Authoritative Server | 2026-05-06 | 7.1 HIGH | 6.8 MEDIUM |
| PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response. | |||||
| CVE-2015-5470 | 1 Powerdns | 2 Authoritative, Recursor | 2026-05-06 | 7.8 HIGH | N/A |
| The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. | |||||
| CVE-2014-3614 | 1 Powerdns | 1 Powerdns Recursor | 2026-05-06 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets. | |||||
| CVE-2012-0206 | 1 Powerdns | 1 Authoritative Server | 2026-04-29 | 5.0 MEDIUM | N/A |
| common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response. | |||||
| CVE-2012-1193 | 1 Powerdns | 1 Powerdns Recursor | 2026-04-29 | 6.4 MEDIUM | N/A |
| The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. | |||||
| CVE-2026-33256 | 1 Powerdns | 1 Recursor | 2026-04-27 | N/A | 5.3 MEDIUM |
| An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | |||||
| CVE-2026-33257 | 1 Powerdns | 3 Authoritative, Dnsdist, Recursor | 2026-04-27 | N/A | 5.3 MEDIUM |
| An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | |||||
| CVE-2026-33258 | 1 Powerdns | 1 Recursor | 2026-04-27 | N/A | 5.3 MEDIUM |
| By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches. | |||||