Open-Xchange Pdns vulnerabilities
34 known vulnerabilities affecting open-xchange/pdns.
Total CVEs: 34
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 17, MEDIUM 14, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2016-2120 | P4 | MEDIUM | CVSS 6.5 | ≥ 0, < 4.0.2-1 | 2018-11-01
An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allo
Source: osv

CVE-2008-3337 | P4 | MEDIUM | CVSS 6.8 | ≥ 0, < 2.9.21.1-1 | 2008-08-08
PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.
Source: osv

CVE-2016-6172 | P4 | MEDIUM | CVSS 6.8 | ≥ 0, < 4.0.1-1 | 2016-09-26
PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.
Source: osv

CVE-2016-7073 | P4 | MEDIUM | CVSS 5.9 | CWE-20 | v3.4.11, v4.0.2, +1 more | 2018-09-11
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.
Sources: nvd, osv

CVE-2016-7074 | P4 | MEDIUM | CVSS 5.9 | CWE-20 | v3.4.11, v4.0.2, +1 more | 2018-09-11
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not cov
Sources: nvd, osv

CVE-2012-0206 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 3.0-1.1 | 2012-02-17
common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.
Source: osv

CVE-2005-0038 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 2.9.17-1 | 2005-12-31
The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.
Source: osv

CVE-2020-17482 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 4.3.1-1 | 2020-10-02
An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
Source: osv

CVE-2019-10203 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 4.2.0-1 | 2019-11-22
PowerDNS Authoritative daemon, pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.
Source: osv

CVE-2005-2301 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 2.9.18-1 | 2005-07-19
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
Source: osv

CVE-2019-10163 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 4.1.6-3 | 2019-07-30
A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.
Source: osv

CVE-2005-0428 | P4 | MEDIUM | CVSS 5.0 | ≥ 0, < 2.9.16-6 | 2005-05-02
The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.
Source: osv

CVE-2008-5277 | P4 | MEDIUM | CVSS 4.3 | ≥ 0, < 2.9.21.2-1 | 2008-12-09
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.
Source: osv

CVE-2005-2302 | P4 | LOW | CVSS 2.1 | ≥ 0, < 2.9.18-1 | 2005-07-19
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
Source: osv