CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-7068 – Debian Security Advisory 3764-1
https://notcve.org/view.php?id=CVE-2016-7068
15 Jan 2017 — An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query contain... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 32%CPEs: 1EXPL: 0CVE-2016-5427
https://notcve.org/view.php?id=CVE-2016-5427
21 Sep 2016 — PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query. PowerDNS (también conocido como pdns) Authoritative Server en versiones anteriores a 3.4.10 no maneja adecuadamente unas etiquetas del interior . (dot), lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU backend) a través de una consulta DNS manipulada. • http://www.debian.org/security/2016/dsa-3664 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2016-5426
https://notcve.org/view.php?id=CVE-2016-5426
21 Sep 2016 — PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. PowerDNS (también conocido como pdns) Authoritative Server en versiones anteriores a 3.4.10 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU backend) a través de un qname largo. • http://www.debian.org/security/2016/dsa-3664 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 33%CPEs: 3EXPL: 0CVE-2015-5311
https://notcve.org/view.php?id=CVE-2015-5311
17 Nov 2015 — PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. PowerDNS (también conocido como pdns) Authoritative Server 3.4.4 en versiones anteriores a 3.4.7 permite a atacantes remotos causar una denegación de servicio (error de aserción y caída del servidor) a través de paquetes de consulta manipulados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171865.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 9EXPL: 0CVE-2015-5470
https://notcve.org/view.php?id=CVE-2015-5470
02 Nov 2015 — The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. La funcionalidad de descompresión de etiqueta en PowerDNS Recursor en versiones anteriores a 3.6.4 y 3.7.x en versiones anteriores a 3.... • http://www.openwall.com/lists/oss-security/2015/07/07/6 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5230 – Debian Security Advisory 3347-1
https://notcve.org/view.php?id=CVE-2015-5230
03 Sep 2015 — The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. El paquete de análisis DNS y el código de generación de PowerDNS (también se conoce como pdns) Authoritative Server versiones anteriores a 3.4.6, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de paquetes de consulta diseñados. Pyry Hakulinen and Ashish Shakla at Automattic discovered t... • http://www.debian.org/security/2015/dsa-3347 • CWE-20: Improper Input Validation •