CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7072 – Debian Security Advisory 3764-1
https://notcve.org/view.php?id=CVE-2016-7072
15 Jan 2017 — An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it migh... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5426
https://notcve.org/view.php?id=CVE-2016-5426
21 Sep 2016 — PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. PowerDNS (también conocido como pdns) Authoritative Server en versiones anteriores a 3.4.10 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU backend) a través de un qname largo. • http://www.debian.org/security/2016/dsa-3664 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5427
https://notcve.org/view.php?id=CVE-2016-5427
21 Sep 2016 — PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query. PowerDNS (también conocido como pdns) Authoritative Server en versiones anteriores a 3.4.10 no maneja adecuadamente unas etiquetas del interior . (dot), lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU backend) a través de una consulta DNS manipulada. • http://www.debian.org/security/2016/dsa-3664 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2015-5470
https://notcve.org/view.php?id=CVE-2015-5470
02 Nov 2015 — The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. La funcionalidad de descompresión de etiqueta en PowerDNS Recursor en versiones anteriores a 3.6.4 y 3.7.x en versiones anteriores a 3.... • http://www.openwall.com/lists/oss-security/2015/07/07/6 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 3%CPEs: 19EXPL: 0CVE-2015-1868 – Debian Security Advisory 3306-1
https://notcve.org/view.php?id=CVE-2015-1868
18 May 2015 — The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. La funcionalidad de la decompresión de etiquetas en PowerDNS Recursor 3.5.x, 3.6.x anterior a 3.6.3, y 3.7.x anterior a 3.7.2 y Authoritative (Auth) Server 3.2.x, 3.3.x anterior a 3.3.2, y 3.4... • http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html • CWE-399: Resource Management Errors •