CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2016-7074 – Debian Security Advisory 3764-1
https://notcve.org/view.php?id=CVE-2016-7074
15 Jan 2017 — An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature. Se ha descubierto un problema en PowerDNS en versiones anteriores a la 3.4.11 y 4.0.2, y PowerDNS recursor en versiones anteriores... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7074 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2015-5470
https://notcve.org/view.php?id=CVE-2015-5470
02 Nov 2015 — The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. La funcionalidad de descompresión de etiqueta en PowerDNS Recursor en versiones anteriores a 3.6.4 y 3.7.x en versiones anteriores a 3.... • http://www.openwall.com/lists/oss-security/2015/07/07/6 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 0CVE-2014-8601 – Gentoo Linux Security Advisory 201412-33
https://notcve.org/view.php?id=CVE-2014-8601
10 Dec 2014 — PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. PowerDNS Recursor en versiones anteriores a 3.6.2 no limita el encadenamiento de delegación, lo que permite a atacantes remotos provocar una denegación de servicio ("degradaciones de rendimiento") a través un número largo o infinito de referencias, según ... • http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2009-4010 – Gentoo Linux Security Advisory 201412-33
https://notcve.org/view.php?id=CVE-2009-4010
08 Jan 2010 — Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones. Vulnerabilidad sin especificar en PowerDNS Recursor anterior a v3.1.7.2 permite a atacantes remotos suplantar datos DNS a través de zonas manipuladas. Multiple vulnerabilities have been found in PowerDNS Recursor, the worst of which may allow execution of arbitrary code. Versions less than 3.6.1-r1 are affected. • http://doc.powerdns.com/powerdns-advisory-2010-02.html •
CVSS: 10.0EPSS: 2%CPEs: 18EXPL: 0CVE-2009-4009 – Gentoo Linux Security Advisory 201412-33
https://notcve.org/view.php?id=CVE-2009-4009
08 Jan 2010 — Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted packets. Desbordamiento de búfer en PowerDNS Recursor anterior a v3.1.7.2 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección a través de paquetes manipulados. Multiple vulnerabilities have been found in PowerDNS Recursor, the worst of which may allow execution of ar... • http://doc.powerdns.com/powerdns-advisory-2010-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •