Search for packages
| purl | pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ez68-8ben-nuef
Aliases: CVE-2020-24696 |
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. |
Affected by 1 other vulnerability. |
|
VCID-m7h2-vam9-1yhn
Aliases: CVE-2020-17482 |
An information disclosure vulnerability in PowerDNS allow remote attackers to obtain sensitive information. |
Affected by 1 other vulnerability. |
|
VCID-qbnt-a5xe-2bg6
Aliases: CVE-2020-24697 |
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. |
Affected by 1 other vulnerability. |
|
VCID-w3fn-hwyn-6ba7
Aliases: CVE-2019-10203 |
PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS. |
Affected by 1 other vulnerability. |
|
VCID-zcxy-ae2g-3kdy
Aliases: CVE-2020-24698 |
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-4c2u-n7p5-nfg4 | PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service. |
CVE-2018-14626
|
| VCID-5efj-fcg6-cuc5 | security update |
CVE-2019-10162
|
| VCID-8fks-8s21-b7b4 | security update |
CVE-2019-10163
|
| VCID-ch2d-p2ru-23ex | PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. |
CVE-2018-10851
|
| VCID-jrb1-cuhc-nqa1 | pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used. |
CVE-2018-1046
|
| VCID-keaf-6ca3-vkbc | An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY. |
CVE-2017-15091
|
| VCID-w9w8-k8h2-b7fc | security update |
CVE-2019-3871
|