PowerDNS Recursor vulnerabilities

5 known vulnerabilities affecting powerdns/powerdns_recursor.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 5

Vulnerabilities

CVE-2017-15093 | MEDIUM | CVSS 5.3 | Versions: 4.x up to and including 4.0.6; 3.x up to and including 3.7.4 | 2018-01-23
CVE-2017-15093 [MEDIUM] CWE-20: When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses
Sources: cvelistv5, nvd

CVE-2017-15092 | MEDIUM | CVSS 6.1 | Versions: from 4.0.0 up to and including 4.0.6 | 2018-01-23
CVE-2017-15092 [MEDIUM] CWE-79: A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.
Sources: cvelistv5, nvd

CVE-2017-15094 | MEDIUM | CVSS 5.9 | Versions: from 4.0.0 up to and including 4.0.6 | 2018-01-23
CVE-2017-15094 [MEDIUM] CWE-401: An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).
Sources: cvelistv5, nvd

CVE-2014-3614 | MEDIUM | CVSS 5.0 | Versions: 3.6.0 | 2014-09-19
CVE-2014-3614 [MEDIUM]: Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets.
Sources: nvd

CVE-2012-1193 | MEDIUM | CVSS 6.4 | Versions: 3.3 | 2012-02-17
CVE-2012-1193 [MEDIUM]: The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
Sources: nvd