Powerdns
by PowerDNS
Source repositories
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42000 | Med | 0.44 | 6.8 | 0.00 | May 21, 2026 | Insufficient Validation of Names During AXFR | ||
| CVE-2017-15090 | Med | 0.38 | 5.9 | 0.01 | Jan 23, 2018 | An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in… | ||
| CVE-2026-33610 | Med | 0.31 | 5.9 | 0.00 | Apr 22, 2026 | A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it. | ||
| CVE-2016-7074 | Med | 0.28 | 5.3 | 0.01 | Sep 11, 2018 | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is… | ||
| CVE-2016-7073 | Med | 0.28 | 5.3 | 0.01 | Sep 11, 2018 | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and… | ||
| CVE-2016-7068 | Med | 0.28 | 5.3 | 0.07 | Sep 11, 2018 | An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial… | ||
| CVE-2008-5277 | 0.00 | — | 0.03 | Dec 9, 2008 | PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query. | |||
| CVE-2008-3337 | 0.00 | — | 0.06 | Aug 8, 2008 | PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217. | |||
| CVE-2006-2069 | 0.00 | — | 0.06 | Apr 27, 2006 | The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets. | |||
| CVE-2005-0038 | 0.00 | — | 0.06 | Dec 31, 2005 | The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop. | |||
| CVE-2005-2301 | 0.00 | — | 0.03 | Jul 19, 2005 | PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack. | |||
| CVE-2005-2302 | 0.00 | — | 0.00 | Jul 19, 2005 | PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion. | |||
| CVE-2005-0428 | 0.00 | — | 0.03 | May 2, 2005 | The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes. |
- risk 0.44cvss 6.8epss 0.00
Insufficient Validation of Names During AXFR
- risk 0.38cvss 5.9epss 0.01
An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in…
- risk 0.31cvss 5.9epss 0.00
A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.
- risk 0.28cvss 5.3epss 0.01
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is…
- risk 0.28cvss 5.3epss 0.01
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and…
- risk 0.28cvss 5.3epss 0.07
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial…
- CVE-2008-5277Dec 9, 2008risk 0.00cvss —epss 0.03
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.
- CVE-2008-3337Aug 8, 2008risk 0.00cvss —epss 0.06
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
- CVE-2006-2069Apr 27, 2006risk 0.00cvss —epss 0.06
The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.
- CVE-2005-0038Dec 31, 2005risk 0.00cvss —epss 0.06
The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
- CVE-2005-2301Jul 19, 2005risk 0.00cvss —epss 0.03
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
- CVE-2005-2302Jul 19, 2005risk 0.00cvss —epss 0.00
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
- CVE-2005-0428May 2, 2005risk 0.00cvss —epss 0.03
The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.