CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-7068 – Debian Security Advisory 3764-1
https://notcve.org/view.php?id=CVE-2016-7068
15 Jan 2017 — An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query contain... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 2%CPEs: 9EXPL: 0CVE-2015-5470
https://notcve.org/view.php?id=CVE-2015-5470
02 Nov 2015 — The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. La funcionalidad de descompresión de etiqueta en PowerDNS Recursor en versiones anteriores a 3.6.4 y 3.7.x en versiones anteriores a 3.... • http://www.openwall.com/lists/oss-security/2015/07/07/6 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-8601 – Gentoo Linux Security Advisory 201412-33
https://notcve.org/view.php?id=CVE-2014-8601
10 Dec 2014 — PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it. PowerDNS Recursor en versiones anteriores a 3.6.2 no limita el encadenamiento de delegación, lo que permite a atacantes remotos provocar una denegación de servicio ("degradaciones de rendimiento") a través un número largo o infinito de referencias, según ... • http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 18EXPL: 0CVE-2009-4009 – Gentoo Linux Security Advisory 201412-33
https://notcve.org/view.php?id=CVE-2009-4009
08 Jan 2010 — Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted packets. Desbordamiento de búfer en PowerDNS Recursor anterior a v3.1.7.2 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) o posiblemente ejecutar código de su elección a través de paquetes manipulados. Multiple vulnerabilities have been found in PowerDNS Recursor, the worst of which may allow execution of ar... • http://doc.powerdns.com/powerdns-advisory-2010-01.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2009-4010 – Gentoo Linux Security Advisory 201412-33
https://notcve.org/view.php?id=CVE-2009-4010
08 Jan 2010 — Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones. Vulnerabilidad sin especificar en PowerDNS Recursor anterior a v3.1.7.2 permite a atacantes remotos suplantar datos DNS a través de zonas manipuladas. Multiple vulnerabilities have been found in PowerDNS Recursor, the worst of which may allow execution of arbitrary code. Versions less than 3.6.1-r1 are affected. • http://doc.powerdns.com/powerdns-advisory-2010-02.html •