rpm package
opensuse/pdns&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/pdns&distro=openSUSE%20Tumbleweed
Vulnerabilities (21)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-27227 | — | < 4.6.1-1.1 | 4.6.1-1.1 | Mar 25, 2022 | In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful | ||
| CVE-2021-36754 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Jul 27, 2021 | PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception. | ||
| CVE-2020-17482 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Oct 2, 2020 | An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. | ||
| CVE-2015-5230 | — | < 4.0.1-1.2 | 4.0.1-1.2 | Jan 15, 2020 | The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. | ||
| CVE-2019-10203 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Nov 22, 2019 | PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS. | ||
| CVE-2019-10163 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Jul 30, 2019 | A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only ser | ||
| CVE-2019-10162 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Jul 30, 2019 | A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Serve | ||
| CVE-2019-3871 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Mar 21, 2019 | A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of | ||
| CVE-2018-14626 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Nov 29, 2018 | PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. | ||
| CVE-2018-10851 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Nov 29, 2018 | PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. | ||
| CVE-2016-2120 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Nov 1, 2018 | An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to | ||
| CVE-2016-7073 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Sep 11, 2018 | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge | ||
| CVE-2016-7068 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Sep 11, 2018 | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial | ||
| CVE-2016-7072 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Sep 10, 2018 | An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an | ||
| CVE-2018-1046 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Jul 16, 2018 | pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. T | ||
| CVE-2017-15091 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Jan 23, 2018 | An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via | ||
| CVE-2016-6172 | Med | 6.8 | < 4.0.1-1.2 | 4.0.1-1.2 | Sep 26, 2016 | PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response. | |
| CVE-2015-1868 | — | < 4.0.1-1.2 | 4.0.1-1.2 | May 18, 2015 | The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a req | ||
| CVE-2012-0206 | — | < 4.0.1-1.2 | 4.0.1-1.2 | Feb 17, 2012 | common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response. | ||
| CVE-2008-3337 | — | < 4.5.1-1.5 | 4.5.1-1.5 | Aug 8, 2008 | PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217. |
- CVE-2022-27227Mar 25, 2022affected < 4.6.1-1.1fixed 4.6.1-1.1
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful
- CVE-2021-36754Jul 27, 2021affected < 4.5.1-1.5fixed 4.5.1-1.5
PowerDNS Authoritative Server 4.5.0 before 4.5.1 allows anybody to crash the process by sending a specific query (QTYPE 65535) that causes an out-of-bounds exception.
- CVE-2020-17482Oct 2, 2020affected < 4.5.1-1.5fixed 4.5.1-1.5
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
- CVE-2015-5230Jan 15, 2020affected < 4.0.1-1.2fixed 4.0.1-1.2
The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.
- CVE-2019-10203Nov 22, 2019affected < 4.5.1-1.5fixed 4.5.1-1.5
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
- CVE-2019-10163Jul 30, 2019affected < 4.5.1-1.5fixed 4.5.1-1.5
A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only ser
- CVE-2019-10162Jul 30, 2019affected < 4.5.1-1.5fixed 4.5.1-1.5
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Serve
- CVE-2019-3871Mar 21, 2019affected < 4.5.1-1.5fixed 4.5.1-1.5
A vulnerability was found in PowerDNS Authoritative Server before 4.0.7 and before 4.1.7. An insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of
- CVE-2018-14626Nov 29, 2018affected < 4.5.1-1.5fixed 4.5.1-1.5
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
- CVE-2018-10851Nov 29, 2018affected < 4.5.1-1.5fixed 4.5.1-1.5
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
- CVE-2016-2120Nov 1, 2018affected < 4.5.1-1.5fixed 4.5.1-1.5
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to
- CVE-2016-7073Sep 11, 2018affected < 4.5.1-1.5fixed 4.5.1-1.5
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge
- CVE-2016-7068Sep 11, 2018affected < 4.5.1-1.5fixed 4.5.1-1.5
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial
- CVE-2016-7072Sep 10, 2018affected < 4.5.1-1.5fixed 4.5.1-1.5
An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an
- CVE-2018-1046Jul 16, 2018affected < 4.5.1-1.5fixed 4.5.1-1.5
pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. T
- CVE-2017-15091Jan 23, 2018affected < 4.5.1-1.5fixed 4.5.1-1.5
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via
- affected < 4.0.1-1.2fixed 4.0.1-1.2
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
- CVE-2015-1868May 18, 2015affected < 4.0.1-1.2fixed 4.0.1-1.2
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a req
- CVE-2012-0206Feb 17, 2012affected < 4.0.1-1.2fixed 4.0.1-1.2
common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.
- CVE-2008-3337Aug 8, 2008affected < 4.5.1-1.5fixed 4.5.1-1.5
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Page 1 of 2