CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-7068 – Debian Security Advisory 3764-1
https://notcve.org/view.php?id=CVE-2016-7068
15 Jan 2017 — An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query contain... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7068 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7072 – Debian Security Advisory 3764-1
https://notcve.org/view.php?id=CVE-2016-7072
15 Jan 2017 — An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it migh... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7072 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2016-7073 – Debian Security Advisory 3764-1
https://notcve.org/view.php?id=CVE-2016-7073
15 Jan 2017 — An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack. Se ha descubierto un problema en PowerDNS en versiones anteriores a la 3.4.11 y 4.0.2, y PowerDNS recursor en versiones anteriores a la 4.0.4, lo que permite q... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7073 • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2016-7074 – Debian Security Advisory 3764-1
https://notcve.org/view.php?id=CVE-2016-7074
15 Jan 2017 — An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature. Se ha descubierto un problema en PowerDNS en versiones anteriores a la 3.4.11 y 4.0.2, y PowerDNS recursor en versiones anteriores... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7074 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-6172
https://notcve.org/view.php?id=CVE-2016-6172
26 Sep 2016 — PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response. PowerDNS (también conocido como pdns) Authoritative Server en versiones anteriores a 4.0.1 permite a servidores DNS primarios remotos provocar una denegación de servicio (agotamiento de memoria y caída del servidor DNS secundario) a través de una gran respuesta (1) AXFR o (2) IXFR. • http://lists.opensuse.org/opensuse-updates/2016-08/msg00085.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2016-5426
https://notcve.org/view.php?id=CVE-2016-5426
21 Sep 2016 — PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. PowerDNS (también conocido como pdns) Authoritative Server en versiones anteriores a 3.4.10 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU backend) a través de un qname largo. • http://www.debian.org/security/2016/dsa-3664 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 32%CPEs: 1EXPL: 0CVE-2016-5427
https://notcve.org/view.php?id=CVE-2016-5427
21 Sep 2016 — PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query. PowerDNS (también conocido como pdns) Authoritative Server en versiones anteriores a 3.4.10 no maneja adecuadamente unas etiquetas del interior . (dot), lo que permite a atacantes remotos provocar una denegación de servicio (consumo de CPU backend) a través de una consulta DNS manipulada. • http://www.debian.org/security/2016/dsa-3664 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 33%CPEs: 3EXPL: 0CVE-2015-5311
https://notcve.org/view.php?id=CVE-2015-5311
17 Nov 2015 — PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. PowerDNS (también conocido como pdns) Authoritative Server 3.4.4 en versiones anteriores a 3.4.7 permite a atacantes remotos causar una denegación de servicio (error de aserción y caída del servidor) a través de paquetes de consulta manipulados. • http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171865.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 9EXPL: 0CVE-2015-5470
https://notcve.org/view.php?id=CVE-2015-5470
02 Nov 2015 — The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. La funcionalidad de descompresión de etiqueta en PowerDNS Recursor en versiones anteriores a 3.6.4 y 3.7.x en versiones anteriores a 3.... • http://www.openwall.com/lists/oss-security/2015/07/07/6 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-5230 – Debian Security Advisory 3347-1
https://notcve.org/view.php?id=CVE-2015-5230
03 Sep 2015 — The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. El paquete de análisis DNS y el código de generación de PowerDNS (también se conoce como pdns) Authoritative Server versiones anteriores a 3.4.6, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de paquetes de consulta diseñados. Pyry Hakulinen and Ashish Shakla at Automattic discovered t... • http://www.debian.org/security/2015/dsa-3347 • CWE-20: Improper Input Validation •