Filtered by vendor Powerdns
Subscriptions
Filtered by product Recursor
Subscriptions
Total
60 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42388 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.9 Medium |
| Incomplete validation of the SOA record present in a catalog zone might lead to a crash. | ||||
| CVE-2026-52690 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.9 Medium |
| Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail. | ||||
| CVE-2026-42389 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.3 Medium |
| This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers. | ||||
| CVE-2026-33612 | 1 Powerdns | 1 Recursor | 2026-06-25 | 7.5 High |
| A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning. | ||||
| CVE-2026-40012 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.3 Medium |
| ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled; | ||||
| CVE-2026-42387 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.9 Medium |
| A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation. | ||||
| CVE-2026-42390 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.3 Medium |
| An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation. | ||||
| CVE-2026-33261 | 1 Powerdns | 1 Recursor | 2026-04-28 | 5.9 Medium |
| A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service. | ||||
| CVE-2026-33260 | 1 Powerdns | 3 Authoritative, Dnsdist, Recursor | 2026-04-28 | 5.3 Medium |
| An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | ||||
| CVE-2026-33258 | 1 Powerdns | 1 Recursor | 2026-04-28 | 5.3 Medium |
| By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches. | ||||
| CVE-2026-33256 | 1 Powerdns | 1 Recursor | 2026-04-27 | 5.3 Medium |
| An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | ||||
| CVE-2026-33257 | 1 Powerdns | 3 Authoritative, Dnsdist, Recursor | 2026-04-27 | 5.3 Medium |
| An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | ||||
| CVE-2026-33259 | 1 Powerdns | 1 Recursor | 2026-04-27 | 5 Medium |
| Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur with a malfunctioning RPZ provider. | ||||
| CVE-2026-33262 | 1 Powerdns | 1 Recursor | 2026-04-27 | 5.9 Medium |
| An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default. | ||||
| CVE-2026-33600 | 1 Powerdns | 1 Recursor | 2026-04-27 | 4.4 Medium |
| An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. | ||||
| CVE-2026-33601 | 1 Powerdns | 1 Recursor | 2026-04-27 | 4.4 Medium |
| If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. | ||||
| CVE-2009-4009 | 1 Powerdns | 1 Recursor | 2026-04-23 | N/A |
| Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted packets. | ||||
| CVE-2008-1637 | 1 Powerdns | 1 Recursor | 2026-04-23 | N/A |
| PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information. | ||||
| CVE-2009-4010 | 1 Powerdns | 1 Recursor | 2026-04-23 | N/A |
| Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones. | ||||
| CVE-2006-4252 | 1 Powerdns | 1 Recursor | 2026-04-23 | N/A |
| PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop. | ||||