Search for packages
| purl | pkg:deb/debian/pdns@4.0.3-1%2Bdeb9u5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4c2u-n7p5-nfg4
Aliases: CVE-2018-14626 |
PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. |
Affected by 5 other vulnerabilities. |
|
VCID-5efj-fcg6-cuc5
Aliases: CVE-2019-10162 |
security update |
Affected by 5 other vulnerabilities. |
|
VCID-8fks-8s21-b7b4
Aliases: CVE-2019-10163 |
security update |
Affected by 5 other vulnerabilities. |
|
VCID-ch2d-p2ru-23ex
Aliases: CVE-2018-10851 |
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. |
Affected by 5 other vulnerabilities. |
|
VCID-ez68-8ben-nuef
Aliases: CVE-2020-24696 |
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. |
Affected by 1 other vulnerability. |
|
VCID-jrb1-cuhc-nqa1
Aliases: CVE-2018-1046 |
pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used. |
Affected by 5 other vulnerabilities. |
|
VCID-keaf-6ca3-vkbc
Aliases: CVE-2017-15091 |
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY. |
Affected by 5 other vulnerabilities. |
|
VCID-m7h2-vam9-1yhn
Aliases: CVE-2020-17482 |
An information disclosure vulnerability in PowerDNS allow remote attackers to obtain sensitive information. |
Affected by 1 other vulnerability. |
|
VCID-qbnt-a5xe-2bg6
Aliases: CVE-2020-24697 |
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. |
Affected by 1 other vulnerability. |
|
VCID-w3fn-hwyn-6ba7
Aliases: CVE-2019-10203 |
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS. |
Affected by 1 other vulnerability. |
|
VCID-w9w8-k8h2-b7fc
Aliases: CVE-2019-3871 |
security update |
Affected by 5 other vulnerabilities. |
|
VCID-zcxy-ae2g-3kdy
Aliases: CVE-2020-24698 |
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-5efj-fcg6-cuc5 | security update |
CVE-2019-10162
|
| VCID-8fks-8s21-b7b4 | security update |
CVE-2019-10163
|
| VCID-w9w8-k8h2-b7fc | security update |
CVE-2019-3871
|