
    66 vulnerabilities found for Authoritative by PowerDNS

    CVE-2026-42005 (GCVE-0-2026-42005)

    Vulnerability from nvd – Published: 2026-06-25 11:57 – Updated: 2026-06-25 13:04
    VLAI
    Title
    Insufficient input validation of internal web server
    Summary
    An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Allocation of Resources Without Limits or Throttling
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: >= 4.9.0, < 4.9.16 (semver)
    Affected: >= 5.0.0, < 5.0.6 (semver)
    Affected: >= 5.1.0, < 5.1.2 (semver)
    Date Public
    2026-06-10 22:00
    Credits
    ilya rozentsvaig

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T13:03:44.259390Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T13:04:12.854Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "ext/yahttp/yahttp/reqresp.cpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "4.9.16",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.0.6",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.1.2",
                  "status": "affected",
                  "version": "5.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ilya rozentsvaig"
            }
          ],
          "datePublic": "2026-06-10T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An attacker can send a web request that causes unlimited memory \nallocation in the internal web server, leading to a denial of service. \nThe internal web server is disabled by default."
                }
              ],
              "value": "An attacker can send a web request that causes unlimited memory \nallocation in the internal web server, leading to a denial of service. \nThe internal web server is disabled by default."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T11:57:16.346Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-07.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient input validation of internal web server",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-42005",
        "datePublished": "2026-06-25T11:57:16.346Z",
        "dateReserved": "2026-04-23T11:15:21.199Z",
        "dateUpdated": "2026-06-25T13:04:12.854Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42396 (GCVE-0-2026-42396)

    Vulnerability from nvd – Published: 2026-05-21 09:25 – Updated: 2026-05-21 12:03
    VLAI
    Title
    Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
    Summary
    Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Control of Generation of Code ('Code Injection')
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: >= 4.9.0, < 4.9.15 (semver)
    Affected: >= 5.0.0, < 5.0.5 (semver)
    Date Public
    2026-05-19 22:00
    Credits
    ilhamaf

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42396",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T12:03:13.589644Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T12:03:16.000Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "Catalog Zones"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "auth-catalogzone.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "4.9.15",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ilhamaf"
            }
          ],
          "datePublic": "2026-05-19T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInsufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail\u003c/p\u003e"
                }
              ],
              "value": "Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T09:25:03.315Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-42396",
        "datePublished": "2026-05-21T09:25:03.315Z",
        "dateReserved": "2026-04-27T08:53:58.839Z",
        "dateUpdated": "2026-05-21T12:03:16.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42002 (GCVE-0-2026-42002)

    Vulnerability from nvd – Published: 2026-05-21 09:27 – Updated: 2026-05-21 11:59
    VLAI
    Title
    Concurrency and locking defects in GSS-TSIG
    Summary
    Concurrency and locking defects in GSS-TSIG
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Signal Handler Race Condition
    • CWE-364 - Signal Handler Race Condition
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: >= 4.9.0, < 4.9.15 (semver)
    Affected: >= 5.0.0, < 5.0.5 (semver)
    Date Public
    2026-05-19 22:00
    Credits
    thanos_haruki

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42002",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T11:58:57.204166Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-364",
                    "description": "CWE-364 Signal Handler Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T11:59:46.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "GSS-TSIG"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "gss_context.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "4.9.15",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "thanos_haruki"
            }
          ],
          "datePublic": "2026-05-19T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eConcurrency and locking defects in GSS-TSIG\u003c/p\u003e"
                }
              ],
              "value": "Concurrency and locking defects in GSS-TSIG"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Signal Handler Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T09:27:04.431Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Concurrency and locking defects in GSS-TSIG",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-42002",
        "datePublished": "2026-05-21T09:27:04.431Z",
        "dateReserved": "2026-04-23T11:15:21.198Z",
        "dateUpdated": "2026-05-21T11:59:46.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42001 (GCVE-0-2026-42001)

    Vulnerability from nvd – Published: 2026-05-21 09:26 – Updated: 2026-05-21 12:01
    VLAI
    Title
    Insufficient Validation of Autoprimary SOA Queries
    Summary
    Insufficient Validation of Autoprimary SOA Queries
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Uncontrolled Resource Consumption
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: >= 4.9.0, < 4.9.15 (semver)
    Affected: >= 5.0.0, < 5.0.5 (semver)
    Date Public
    2026-05-19 22:00
    Credits
    lazarux0x1337

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42001",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T12:00:49.119135Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T12:01:03.812Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "auto-secondary"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "resolver.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "4.9.15",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "lazarux0x1337"
            }
          ],
          "datePublic": "2026-05-19T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInsufficient Validation of Autoprimary SOA Queries\u003c/p\u003e"
                }
              ],
              "value": "Insufficient Validation of Autoprimary SOA Queries"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T09:26:38.829Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient Validation of Autoprimary SOA Queries",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-42001",
        "datePublished": "2026-05-21T09:26:38.829Z",
        "dateReserved": "2026-04-23T11:15:21.198Z",
        "dateUpdated": "2026-05-21T12:01:03.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42000 (GCVE-0-2026-42000)

    Vulnerability from nvd – Published: 2026-05-21 09:25 – Updated: 2026-05-21 12:02
    VLAI
    Title
    Insufficient Validation of Names During AXFR
    Summary
    Insufficient Validation of Names During AXFR
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: >= 4.9.0, < 4.9.15 (semver)
    Affected: >= 5.0.0, < 5.0.5 (semver)
    Date Public
    2026-05-19 22:00
    Credits
    ilhamaf

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42000",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T12:01:48.669083Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T12:02:35.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "BIND Backend"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "bindbackend2.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "4.9.15",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ilhamaf"
            }
          ],
          "datePublic": "2026-05-19T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInsufficient Validation of Names During AXFR\u003c/p\u003e"
                }
              ],
              "value": "Insufficient Validation of Names During AXFR"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T09:25:43.728Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient Validation of Names During AXFR",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-42000",
        "datePublished": "2026-05-21T09:25:43.728Z",
        "dateReserved": "2026-04-23T11:15:21.198Z",
        "dateUpdated": "2026-05-21T12:02:35.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41999 (GCVE-0-2026-41999)

    Vulnerability from nvd – Published: 2026-05-21 09:27 – Updated: 2026-05-21 11:58
    VLAI
    Title
    Incorrect Behaviour of Views with TCP PROXY Requests
    Summary
    Incorrect Behaviour of Views with TCP PROXY Requests
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Access Control
    • CWE-284 - Improper Access Control
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: >= 5.0.0, < 5.0.5 (semver)
    Date Public
    2026-05-19 22:00
    Credits
    Zwique

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41999",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T11:57:01.581143Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T11:58:25.869Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "Views with Proxy Protocol"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "tcpreceiver.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Zwique"
            }
          ],
          "datePublic": "2026-05-19T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIncorrect Behaviour of Views with TCP PROXY Requests\u003c/p\u003e"
                }
              ],
              "value": "Incorrect Behaviour of Views with TCP PROXY Requests"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T09:27:26.744Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Behaviour of Views with TCP PROXY Requests",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-41999",
        "datePublished": "2026-05-21T09:27:26.744Z",
        "dateReserved": "2026-04-23T11:15:21.198Z",
        "dateUpdated": "2026-05-21T11:58:25.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33611 (GCVE-0-2026-33611)

    Vulnerability from nvd – Published: 2026-04-22 14:01 – Updated: 2026-04-22 14:24
    VLAI
    Title
    Insufficient validation of HTTPS and SVCB records
    Summary
    An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Integer Overflow or Wraparound
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.4 (semver)
    Affected: 4.9.0 , < 4.9.14 (semver)
    Date Public
    2026-04-08 22:00
    Credits
    Tibs

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T14:24:04.530345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T14:24:57.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "SVCB/ALPN parsing"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "dnswriter.cc",
                "rcpgenerator.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.4",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.14",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tibs"
            }
          ],
          "datePublic": "2026-04-08T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.\u003c/p\u003e"
                }
              ],
              "value": "An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T14:01:10.135Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient validation of HTTPS and SVCB records",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-33611",
        "datePublished": "2026-04-22T14:01:10.135Z",
        "dateReserved": "2026-03-23T12:58:38.267Z",
        "dateUpdated": "2026-04-22T14:24:57.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33610 (GCVE-0-2026-33610)

    Vulnerability from nvd – Published: 2026-04-22 14:00 – Updated: 2026-04-22 14:26
    VLAI
    Title
    Possible file descriptor exhaustion in forward-dnsupdate
    Summary
    A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Uncontrolled Resource Consumption
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.4 (semver)
    Affected: 4.9.0 , < 4.9.14 (semver)
    Date Public
    2026-04-08 22:00
    Credits
    ylwango613

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33610",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T14:25:29.036113Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T14:26:32.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "DNS updates forwarding"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "rfc2136handler.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.4",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.14",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ylwango613"
            }
          ],
          "datePublic": "2026-04-08T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.\u003c/p\u003e"
                }
              ],
              "value": "A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T14:00:51.529Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible file descriptor exhaustion in forward-dnsupdate",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-33610",
        "datePublished": "2026-04-22T14:00:51.529Z",
        "dateReserved": "2026-03-23T12:58:38.267Z",
        "dateUpdated": "2026-04-22T14:26:32.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33609 (GCVE-0-2026-33609)

    Vulnerability from nvd – Published: 2026-04-22 14:00 – Updated: 2026-04-22 14:27
    VLAI
    Title
    LDAP DN injection
    Summary
    Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
    • CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.4 (semver)
    Affected: 4.9.0 , < 4.9.14 (semver)
    Date Public
    2026-04-08 22:00
    Credits
    ylwango613

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T14:26:43.179728Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-90",
                    "description": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T14:27:42.585Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "LDAP backend"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "powerldap.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.4",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.14",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ylwango613"
            }
          ],
          "datePublic": "2026-04-08T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIncomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.\u003c/p\u003e"
                }
              ],
              "value": "Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T14:00:33.702Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "LDAP DN injection",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-33609",
        "datePublished": "2026-04-22T14:00:33.702Z",
        "dateReserved": "2026-03-23T12:58:38.267Z",
        "dateUpdated": "2026-04-22T14:27:42.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33608 (GCVE-0-2026-33608)

    Vulnerability from nvd – Published: 2026-04-22 14:00 – Updated: 2026-04-22 14:28
    VLAI
    Title
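    Incomplete domain name sanitization during (title is truncated in the source record; the Summary describes the affected operation, a notify request that adds a new secondary domain to the bind backend)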
    Summary
    An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Control of Generation of Code ('Code Injection')
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.4 (semver)
    Affected: 4.9.0 , < 4.9.14 (semver)
    Date Public
    2026-04-08 22:00
    Credits
    Vitaly Simonovich

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33608",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T14:28:03.004705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T14:28:15.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "Bind backend"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "bindbackend2.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.4",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.14",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Vitaly Simonovich"
            }
          ],
          "datePublic": "2026-04-08T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.\u003c/p\u003e"
                }
              ],
              "value": "An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T14:00:15.473Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incomplete domain name sanitization during",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-33608",
        "datePublished": "2026-04-22T14:00:15.473Z",
        "dateReserved": "2026-03-23T12:58:38.267Z",
        "dateUpdated": "2026-04-22T14:28:15.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33260 (GCVE-0-2026-33260)

    Vulnerability from nvd – Published: 2026-04-22 09:39 – Updated: 2026-04-22 18:10
    VLAI
    Title
    Insufficient input validation of internal webserver
    Summary
    An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Allocation of Resources Without Limits or Throttling
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.4 (semver)
    Affected: 4.9.0 , < 4.9.14 (semver)
    PowerDNS DNSdist Affected: 1.9.0 , < 1.9.13 (semver)
    Affected: 2.0.0 , < 2.0.4 (semver)
    PowerDNS Recursor Affected: 5.4.0 , < 5.4.1 (semver)
    Affected: 5.3.0 , < 5.3.6 (semver)
    Affected: 5.2.0 , < 5.2.9 (semver)
    Date Public
    2026-04-21 22:00
    Credits
    Cavid

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T17:54:50.556616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T18:10:00.623Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "reqresp.cpp",
                "reqresp.hpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.4",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.14",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "dnsdist",
              "product": "DNSdist",
              "programFiles": [
                "reqresp.cpp",
                "reqresp.hpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "1.9.13",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.0.4",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "pdns-recursor",
              "product": "Recursor",
              "programFiles": [
                "reqresp.cpp",
                "reqresp.hpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.4.1",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.3.6",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.2.9",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cavid"
            }
          ],
          "datePublic": "2026-04-21T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.\u003c/p\u003e"
                }
              ],
              "value": "An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T09:39:35.859Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html"
            },
            {
              "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"
            },
            {
              "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient input validation of internal webserver",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-33260",
        "datePublished": "2026-04-22T09:39:35.859Z",
        "dateReserved": "2026-03-18T10:06:16.573Z",
        "dateUpdated": "2026-04-22T18:10:00.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33257 (GCVE-0-2026-33257)

    Vulnerability from nvd – Published: 2026-04-22 09:37 – Updated: 2026-04-22 18:10
    Title
    Insufficient input validation of internal webserver
    Summary
    An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Allocation of Resources Without Limits or Throttling
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.4 (semver)
    Affected: 4.9.0 , < 4.9.14 (semver)
    PowerDNS DNSdist Affected: 1.9.0 , < 1.9.13 (semver)
    Affected: 2.0.0 , < 2.0.4 (semver)
    PowerDNS Recursor Affected: 5.4.0 , < 5.4.1 (semver)
    Affected: 5.3.0 , < 5.3.6 (semver)
    Affected: 5.2.0 , < 5.2.9 (semver)
    Date Public
    2026-04-21 22:00
    Credits
    Vitaly Simonovich

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33257",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T17:54:48.213927Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T18:10:30.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "reqresp.cpp",
                "reqresp.hpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.4",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.14",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "dnsdist",
              "product": "DNSdist",
              "programFiles": [
                "reqresp.cpp",
                "reqresp.hpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "1.9.13",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.0.4",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "pdns-recursor",
              "product": "Recursor",
              "programFiles": [
                "reqresp.cpp",
                "reqresp.hpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.4.1",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.3.6",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.2.9",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Vitaly Simonovich"
            }
          ],
          "datePublic": "2026-04-21T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.\u003c/p\u003e"
                }
              ],
              "value": "An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T09:37:59.871Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html"
            },
            {
              "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"
            },
            {
              "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient input validation of internal webserver",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-33257",
        "datePublished": "2026-04-22T09:37:59.871Z",
        "dateReserved": "2026-03-18T10:06:16.572Z",
        "dateUpdated": "2026-04-22T18:10:30.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-24698 (GCVE-0-2020-24698)

    Vulnerability from nvd – Published: 2020-10-02 08:23 – Updated: 2024-08-04 15:19
    Summary
    An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:19:09.331Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-02T08:23:44.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-24698",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html",
                  "refsource": "CONFIRM",
                  "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-24698",
        "datePublished": "2020-10-02T08:23:44.000Z",
        "dateReserved": "2020-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:19:09.331Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-24697 (GCVE-0-2020-24697)

    Vulnerability from nvd – Published: 2020-10-02 08:23 – Updated: 2024-08-04 15:19
    Summary
    An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:19:09.328Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-02T08:23:11.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-24697",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html",
                  "refsource": "CONFIRM",
                  "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-24697",
        "datePublished": "2020-10-02T08:23:11.000Z",
        "dateReserved": "2020-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:19:09.328Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-24696 (GCVE-0-2020-24696)

    Vulnerability from nvd – Published: 2020-10-02 08:21 – Updated: 2024-08-04 15:19
    Summary
    An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T15:19:09.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-10-02T08:21:46.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-24696",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html",
                  "refsource": "MISC",
                  "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-24696",
        "datePublished": "2020-10-02T08:21:46.000Z",
        "dateReserved": "2020-08-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T15:19:09.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-17482 (GCVE-0-2020-17482)

    Vulnerability from nvd – Published: 2020-10-02 08:21 – Updated: 2024-08-04 14:00
    VLAI
    Summary
    An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    mitre
    References
    URL Tags
    https://github.com/PowerDNS/pdns x_refsource_MISC
    https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html x_refsource_CONFIRM
    https://security.gentoo.org/glsa/202012-18 vendor-advisory x_refsource_GENTOO

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T14:00:47.480Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/PowerDNS/pdns"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
              },
              {
                "name": "GLSA-202012-18",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202012-18"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-12-23T21:06:13.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/PowerDNS/pdns"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
            },
            {
              "name": "GLSA-202012-18",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202012-18"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2020-17482",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/PowerDNS/pdns",
                  "refsource": "MISC",
                  "url": "https://github.com/PowerDNS/pdns"
                },
                {
                  "name": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html",
                  "refsource": "CONFIRM",
                  "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
                },
                {
                  "name": "GLSA-202012-18",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202012-18"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2020-17482",
        "datePublished": "2020-10-02T08:21:09.000Z",
        "dateReserved": "2020-08-11T00:00:00.000Z",
        "dateUpdated": "2024-08-04T14:00:47.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-42005 (GCVE-0-2026-42005)

    Vulnerability from cvelistv5 – Published: 2026-06-25 11:57 – Updated: 2026-06-25 13:04
    VLAI
    Title
    Insufficient input validation of internal web server
    Summary
    An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Allocation of Resources Without Limits or Throttling
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 4.9.0 , < 4.9.16 (semver)
    Affected: 5.0.0 , < 5.0.6 (semver)
    Affected: 5.1.0 , < 5.1.2 (semver)
    Date Public
    2026-06-10 22:00
    Credits
    ilya rozentsvaig

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42005",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-25T13:03:44.259390Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-25T13:04:12.854Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "ext/yahttp/yahttp/reqresp.cpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "4.9.16",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.0.6",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.1.2",
                  "status": "affected",
                  "version": "5.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ilya rozentsvaig"
            }
          ],
          "datePublic": "2026-06-10T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An attacker can send a web request that causes unlimited memory \nallocation in the internal web server, leading to a denial of service. \nThe internal web server is disabled by default."
                }
              ],
              "value": "An attacker can send a web request that causes unlimited memory \nallocation in the internal web server, leading to a denial of service. \nThe internal web server is disabled by default."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-25T11:57:16.346Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-07.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient input validation of internal web server",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-42005",
        "datePublished": "2026-06-25T11:57:16.346Z",
        "dateReserved": "2026-04-23T11:15:21.199Z",
        "dateUpdated": "2026-06-25T13:04:12.854Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-41999 (GCVE-0-2026-41999)

    Vulnerability from cvelistv5 – Published: 2026-05-21 09:27 – Updated: 2026-05-21 11:58
    VLAI
    Title
    Incorrect Behaviour of Views with TCP PROXY Requests
    Summary
    Incorrect Behaviour of Views with TCP PROXY Requests
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Access Control
    • CWE-284 - Improper Access Control
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.5 (semver)
    Date Public
    2026-05-19 22:00
    Credits
    Zwique

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-41999",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T11:57:01.581143Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T11:58:25.869Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "Views with Proxy Protocol"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "tcpreceiver.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Zwique"
            }
          ],
          "datePublic": "2026-05-19T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIncorrect Behaviour of Views with TCP PROXY Requests\u003c/p\u003e"
                }
              ],
              "value": "Incorrect Behaviour of Views with TCP PROXY Requests"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T09:27:26.744Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect Behaviour of Views with TCP PROXY Requests",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-41999",
        "datePublished": "2026-05-21T09:27:26.744Z",
        "dateReserved": "2026-04-23T11:15:21.198Z",
        "dateUpdated": "2026-05-21T11:58:25.869Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42002 (GCVE-0-2026-42002)

    Vulnerability from cvelistv5 – Published: 2026-05-21 09:27 – Updated: 2026-05-21 11:59
    VLAI
    Title
    Concurrency and locking defects in GSS-TSIG
    Summary
    Concurrency and locking defects in GSS-TSIG
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Signal Handler Race Condition
    • CWE-364 - Signal Handler Race Condition
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 4.9.0 , < 4.9.15 (semver)
    Affected: 5.0.0 , < 5.0.5 (semver)
    Date Public
    2026-05-19 22:00
    Credits
    thanos_haruki

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42002",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T11:58:57.204166Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-364",
                    "description": "CWE-364 Signal Handler Race Condition",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T11:59:46.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "GSS-TSIG"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "gss_context.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "4.9.15",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "thanos_haruki"
            }
          ],
          "datePublic": "2026-05-19T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eConcurrency and locking defects in GSS-TSIG\u003c/p\u003e"
                }
              ],
              "value": "Concurrency and locking defects in GSS-TSIG"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Signal Handler Race Condition",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T09:27:04.431Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Concurrency and locking defects in GSS-TSIG",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-42002",
        "datePublished": "2026-05-21T09:27:04.431Z",
        "dateReserved": "2026-04-23T11:15:21.198Z",
        "dateUpdated": "2026-05-21T11:59:46.710Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42001 (GCVE-0-2026-42001)

    Vulnerability from cvelistv5 – Published: 2026-05-21 09:26 – Updated: 2026-05-21 12:01
    VLAI
    Title
    Insufficient Validation of Autoprimary SOA Queries
    Summary
    Insufficient Validation of Autoprimary SOA Queries
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Uncontrolled Resource Consumption
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 4.9.0 , < 4.9.15 (semver)
    Affected: 5.0.0 , < 5.0.5 (semver)
    Date Public
    2026-05-19 22:00
    Credits
    lazarux0x1337

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42001",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T12:00:49.119135Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T12:01:03.812Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "auto-secondary"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "resolver.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "4.9.15",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "lazarux0x1337"
            }
          ],
          "datePublic": "2026-05-19T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInsufficient Validation of Autoprimary SOA Queries\u003c/p\u003e"
                }
              ],
              "value": "Insufficient Validation of Autoprimary SOA Queries"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T09:26:38.829Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient Validation of Autoprimary SOA Queries",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-42001",
        "datePublished": "2026-05-21T09:26:38.829Z",
        "dateReserved": "2026-04-23T11:15:21.198Z",
        "dateUpdated": "2026-05-21T12:01:03.812Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42000 (GCVE-0-2026-42000)

    Vulnerability from cvelistv5 – Published: 2026-05-21 09:25 – Updated: 2026-05-21 12:02
    VLAI
    Title
    Insufficient Validation of Names During AXFR
    Summary
    Insufficient Validation of Names During AXFR
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Neutralization of Special Elements used in a Command ('Command Injection')
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 4.9.0 , < 4.9.15 (semver)
    Affected: 5.0.0 , < 5.0.5 (semver)
    Date Public
    2026-05-19 22:00
    Credits
    ilhamaf

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42000",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T12:01:48.669083Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-77",
                    "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T12:02:35.449Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "BIND Backend"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "bindbackend2.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "4.9.15",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ilhamaf"
            }
          ],
          "datePublic": "2026-05-19T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInsufficient Validation of Names During AXFR\u003c/p\u003e"
                }
              ],
              "value": "Insufficient Validation of Names During AXFR"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T09:25:43.728Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient Validation of Names During AXFR",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-42000",
        "datePublished": "2026-05-21T09:25:43.728Z",
        "dateReserved": "2026-04-23T11:15:21.198Z",
        "dateUpdated": "2026-05-21T12:02:35.449Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-42396 (GCVE-0-2026-42396)

    Vulnerability from cvelistv5 – Published: 2026-05-21 09:25 – Updated: 2026-05-21 12:03
    VLAI
    Title
    Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
    Summary
    Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Control of Generation of Code ('Code Injection')
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 4.9.0 , < 4.9.15 (semver)
    Affected: 5.0.0 , < 5.0.5 (semver)
    Date Public
    2026-05-19 22:00
    Credits
    ilhamaf

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-42396",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-21T12:03:13.589644Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-21T12:03:16.000Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "Catalog Zones"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "auth-catalogzone.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "4.9.15",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.0.5",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ilhamaf"
            }
          ],
          "datePublic": "2026-05-19T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eInsufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail\u003c/p\u003e"
                }
              ],
              "value": "Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-21T09:25:03.315Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-06.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-42396",
        "datePublished": "2026-05-21T09:25:03.315Z",
        "dateReserved": "2026-04-27T08:53:58.839Z",
        "dateUpdated": "2026-05-21T12:03:16.000Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33611 (GCVE-0-2026-33611)

    Vulnerability from cvelistv5 – Published: 2026-04-22 14:01 – Updated: 2026-04-22 14:24
    VLAI
    Title
    Insufficient validation of HTTPS and SVCB records
    Summary
    An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Integer Overflow or Wraparound
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.4 (semver)
    Affected: 4.9.0 , < 4.9.14 (semver)
    Date Public
    2026-04-08 22:00
    Credits
    Tibs

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33611",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T14:24:04.530345Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-190",
                    "description": "CWE-190 Integer Overflow or Wraparound",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T14:24:57.121Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "SVCB/ALPN parsing"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "dnswriter.cc",
                "rcpgenerator.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.4",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.14",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tibs"
            }
          ],
          "datePublic": "2026-04-08T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend.\u003c/p\u003e"
                }
              ],
              "value": "An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T14:01:10.135Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient validation of HTTPS and SVCB records",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-33611",
        "datePublished": "2026-04-22T14:01:10.135Z",
        "dateReserved": "2026-03-23T12:58:38.267Z",
        "dateUpdated": "2026-04-22T14:24:57.121Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33610 (GCVE-0-2026-33610)

    Vulnerability from cvelistv5 – Published: 2026-04-22 14:00 – Updated: 2026-04-22 14:26
    VLAI
    Title
    Possible file descriptor exhaustion in forward-dnsupdate
    Summary
    A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Uncontrolled Resource Consumption
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.4 (semver)
    Affected: 4.9.0 , < 4.9.14 (semver)
    Date Public
    2026-04-08 22:00
    Credits
    ylwango613

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33610",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T14:25:29.036113Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-400",
                    "description": "CWE-400 Uncontrolled Resource Consumption",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T14:26:32.724Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "DNS updates forwarding"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "rfc2136handler.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.4",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.14",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ylwango613"
            }
          ],
          "datePublic": "2026-04-08T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eA rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it.\u003c/p\u003e"
                }
              ],
              "value": "A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T14:00:51.529Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Possible file descriptor exhaustion in forward-dnsupdate",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-33610",
        "datePublished": "2026-04-22T14:00:51.529Z",
        "dateReserved": "2026-03-23T12:58:38.267Z",
        "dateUpdated": "2026-04-22T14:26:32.724Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33609 (GCVE-0-2026-33609)

    Vulnerability from cvelistv5 – Published: 2026-04-22 14:00 – Updated: 2026-04-22 14:27
    VLAI
    Title
    LDAP DN injection
    Summary
    Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
    • CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.4 (semver)
    Affected: 4.9.0 , < 4.9.14 (semver)
    Date Public
    2026-04-08 22:00
    Credits
    ylwango613

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33609",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T14:26:43.179728Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-90",
                    "description": "CWE-90 Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T14:27:42.585Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "LDAP backend"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "powerldap.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.4",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.14",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "ylwango613"
            }
          ],
          "datePublic": "2026-04-08T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIncomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees.\u003c/p\u003e"
                }
              ],
              "value": "Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Neutralization of Special Elements used in an LDAP Query (\u0027LDAP Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T14:00:33.702Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "LDAP DN injection",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-33609",
        "datePublished": "2026-04-22T14:00:33.702Z",
        "dateReserved": "2026-03-23T12:58:38.267Z",
        "dateUpdated": "2026-04-22T14:27:42.585Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33608 (GCVE-0-2026-33608)

    Vulnerability from cvelistv5 – Published: 2026-04-22 14:00 – Updated: 2026-04-22 14:28
    VLAI
    Title
    Incomplete domain name sanitization during
    Summary
    An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer being able to run on the next restart, requiring manual operation to fix it.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Improper Control of Generation of Code ('Code Injection')
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.4 (semver)
    Affected: 4.9.0 , < 4.9.14 (semver)
    Date Public
    2026-04-08 22:00
    Credits
    Vitaly Simonovich

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33608",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T14:28:03.004705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T14:28:15.172Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "Bind backend"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "bindbackend2.cc"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.4",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.14",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Vitaly Simonovich"
            }
          ],
          "datePublic": "2026-04-08T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it.\u003c/p\u003e"
                }
              ],
              "value": "An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T14:00:15.473Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-powerdns-2026-05.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incomplete domain name sanitization during",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-33608",
        "datePublished": "2026-04-22T14:00:15.473Z",
        "dateReserved": "2026-03-23T12:58:38.267Z",
        "dateUpdated": "2026-04-22T14:28:15.172Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33260 (GCVE-0-2026-33260)

    Vulnerability from cvelistv5 – Published: 2026-04-22 09:39 – Updated: 2026-04-22 18:10
    VLAI
    Title
    Insufficient input validation of internal webserver
    Summary
    An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Allocation of Resources Without Limits or Throttling
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.4 (semver)
    Affected: 4.9.0 , < 4.9.14 (semver)
    PowerDNS DNSdist Affected: 1.9.0 , < 1.9.13 (semver)
    Affected: 2.0.0 , < 2.0.4 (semver)
    PowerDNS Recursor Affected: 5.4.0 , < 5.4.1 (semver)
    Affected: 5.3.0 , < 5.3.6 (semver)
    Affected: 5.2.0 , < 5.2.9 (semver)
    Date Public
    2026-04-21 22:00
    Credits
    Cavid

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33260",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T17:54:50.556616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T18:10:00.623Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "reqresp.cpp",
                "reqresp.hpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.4",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.14",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "dnsdist",
              "product": "DNSdist",
              "programFiles": [
                "reqresp.cpp",
                "reqresp.hpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "1.9.13",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.0.4",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "pdns-recursor",
              "product": "Recursor",
              "programFiles": [
                "reqresp.cpp",
                "reqresp.hpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.4.1",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.3.6",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.2.9",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Cavid"
            }
          ],
          "datePublic": "2026-04-21T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.\u003c/p\u003e"
                }
              ],
              "value": "An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T09:39:35.859Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html"
            },
            {
              "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"
            },
            {
              "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient input validation of internal webserver",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-33260",
        "datePublished": "2026-04-22T09:39:35.859Z",
        "dateReserved": "2026-03-18T10:06:16.573Z",
        "dateUpdated": "2026-04-22T18:10:00.623Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-33257 (GCVE-0-2026-33257)

    Vulnerability from cvelistv5 – Published: 2026-04-22 09:37 – Updated: 2026-04-22 18:10
    VLAI
    Title
    Insufficient input validation of internal webserver
    Summary
    An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Allocation of Resources Without Limits or Throttling
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    OX
    Impacted products
    Vendor Product Version
    PowerDNS Authoritative Affected: 5.0.0 , < 5.0.4 (semver)
    Affected: 4.9.0 , < 4.9.14 (semver)
    PowerDNS DNSdist Affected: 1.9.0 , < 1.9.13 (semver)
    Affected: 2.0.0 , < 2.0.4 (semver)
    PowerDNS Recursor Affected: 5.4.0 , < 5.4.1 (semver)
    Affected: 5.3.0 , < 5.3.6 (semver)
    Affected: 5.2.0 , < 5.2.9 (semver)
    Date Public
    2026-04-21 22:00
    Credits
    Vitaly Simonovich

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-33257",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-22T17:54:48.213927Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-22T18:10:30.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "pdns",
              "product": "Authoritative",
              "programFiles": [
                "reqresp.cpp",
                "reqresp.hpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.0.4",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "4.9.14",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "dnsdist",
              "product": "DNSdist",
              "programFiles": [
                "reqresp.cpp",
                "reqresp.hpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "1.9.13",
                  "status": "affected",
                  "version": "1.9.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "2.0.4",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://repo.powerdns.com/",
              "defaultStatus": "unaffected",
              "modules": [
                "YaHTTP"
              ],
              "packageName": "pdns-recursor",
              "product": "Recursor",
              "programFiles": [
                "reqresp.cpp",
                "reqresp.hpp"
              ],
              "repo": "https://github.com/PowerDNS/pdns",
              "vendor": "PowerDNS",
              "versions": [
                {
                  "lessThan": "5.4.1",
                  "status": "affected",
                  "version": "5.4.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.3.6",
                  "status": "affected",
                  "version": "5.3.0",
                  "versionType": "semver"
                },
                {
                  "lessThan": "5.2.9",
                  "status": "affected",
                  "version": "5.2.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Vitaly Simonovich"
            }
          ],
          "datePublic": "2026-04-21T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.\u003c/p\u003e"
                }
              ],
              "value": "An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-22T09:37:59.871Z",
            "orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
            "shortName": "OX"
          },
          "references": [
            {
              "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html"
            },
            {
              "url": "https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html"
            },
            {
              "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient input validation of internal webserver",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
        "assignerShortName": "OX",
        "cveId": "CVE-2026-33257",
        "datePublished": "2026-04-22T09:37:59.871Z",
        "dateReserved": "2026-03-18T10:06:16.572Z",
        "dateUpdated": "2026-04-22T18:10:30.709Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-202010-0408

    Vulnerability from variot - Updated: 2024-11-23 22:29

    An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. PowerDNS Authoritative Server contains an information disclosure vulnerability. Information may be obtained. PowerDNS Authoritative Server is a DNS server from the Dutch company PowerDNS.

    Background

    The PowerDNS nameserver is an authoritative-only nameserver which uses a flexible backend architecture.

    Affected packages

     -------------------------------------------------------------------
      Package              /     Vulnerable     /            Unaffected
     -------------------------------------------------------------------
      1  net-dns/pdns              < 4.3.1                      >= 4.3.1

    Description

    It was discovered that PowerDNS did not properly handle certain unknown records. Crafted records cannot be inserted via AXFR.

    Workaround

    Do not take zone data from untrusted users.

    Resolution

    All PowerDNS users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-dns/pdns-4.3.1"

    References

    [ 1 ] CVE-2020-17482
          https://nvd.nist.gov/vuln/detail/CVE-2020-17482
    [ 2 ] PowerDNS Security Advisory 2020-05
          https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html

    Availability

    This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

    https://security.gentoo.org/glsa/202012-18

    Concerns?

    Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License

    Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

    The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202010-0408",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "authoritative",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "powerdns",
            "version": "4.3.1"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "powerdns",
            "version": null
          },
          {
            "model": "authoritative server",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "powerdns",
            "version": "4.3.1  less than"
          },
          {
            "model": "authoritative server",
            "scope": "lt",
            "trust": 0.6,
            "vendor": "powerdns",
            "version": "4.3.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012088"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-17482"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Gentoo",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "160711"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1634"
          }
        ],
        "trust": 0.7
      },
      "cve": "CVE-2020-17482",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2020-17482",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2020-57064",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2020-17482",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2020-17482",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2020-17482",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2020-17482",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2020-57064",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202009-1634",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1634"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-17482"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. PowerDNS Authoritative Server Contains an information disclosure vulnerability.Information may be obtained. PowerDNS Authoritative Server is a DNS server of Dutch PowerDNS company. \n\nBackground\n==========\n\nThe PowerDNS nameserver is an authoritative-only nameserver which uses\na flexible backend architecture. \n\nAffected packages\n=================\n\n     -------------------------------------------------------------------\n      Package              /     Vulnerable     /            Unaffected\n     -------------------------------------------------------------------\n   1  net-dns/pdns                 \u003c 4.3.1                    \u003e= 4.3.1\n\nDescription\n===========\n\nIt was discovered that PowerDNS did not properly handle certain unknown\nrecords. \nCrafted records cannot be inserted via AXFR. \n\nWorkaround\n==========\n\nDo not take zone data from untrusted users. \n\nResolution\n==========\n\nAll PowerDNS users should upgrade to the latest version:\n\n   # emerge --sync\n   # emerge --ask --oneshot --verbose \"\u003e=net-dns/pdns-4.3.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-17482\n       https://nvd.nist.gov/vuln/detail/CVE-2020-17482\n[ 2 ] PowerDNS Security Advisory 2020-05\n \nhttps://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  https://security.gentoo.org/glsa/202012-18\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. 
Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2020-17482"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012088"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-57064"
          },
          {
            "db": "PACKETSTORM",
            "id": "160711"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2020-17482",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012088",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "160711",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-57064",
            "trust": 0.6
          },
          {
            "db": "NSFOCUS",
            "id": "50576",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1634",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012088"
          },
          {
            "db": "PACKETSTORM",
            "id": "160711"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1634"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-17482"
          }
        ]
      },
      "id": "VAR-202010-0408",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57064"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57064"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:29:27.861000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Leaking\u00a0uninitialised\u00a0memory\u00a0through\u00a0crafted\u00a0zone\u00a0records",
            "trust": 0.8,
            "url": "https://github.com/PowerDNS/pdns"
          },
          {
            "title": "Patch for PowerDNS Authoritative Server information disclosure vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/236497"
          },
          {
            "title": "PowerDNS Authoritative Server Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131086"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012088"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1634"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-908",
            "trust": 1.0
          },
          {
            "problemtype": "information leak (CWE-200) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012088"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-17482"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2020-17482"
          },
          {
            "trust": 1.7,
            "url": "https://security.gentoo.org/glsa/202012-18"
          },
          {
            "trust": 1.6,
            "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
          },
          {
            "trust": 1.6,
            "url": "https://github.com/powerdns/pdns"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/powerdns-information-disclosure-via-zone-records-33428"
          },
          {
            "trust": 0.6,
            "url": "http://www.nsfocus.net/vulndb/50576"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/160711/gentoo-linux-security-advisory-202012-18.html"
          },
          {
            "trust": 0.1,
            "url": "https://creativecommons.org/licenses/by-sa/2.5"
          },
          {
            "trust": 0.1,
            "url": "https://security.gentoo.org/"
          },
          {
            "trust": 0.1,
            "url": "https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html"
          },
          {
            "trust": 0.1,
            "url": "https://bugs.gentoo.org."
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012088"
          },
          {
            "db": "PACKETSTORM",
            "id": "160711"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1634"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-17482"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57064"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2020-012088"
          },
          {
            "db": "PACKETSTORM",
            "id": "160711"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1634"
          },
          {
            "db": "NVD",
            "id": "CVE-2020-17482"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-15T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-57064"
          },
          {
            "date": "2021-04-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-012088"
          },
          {
            "date": "2020-12-24T17:18:18",
            "db": "PACKETSTORM",
            "id": "160711"
          },
          {
            "date": "2020-09-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202009-1634"
          },
          {
            "date": "2020-10-02T09:15:13.570000",
            "db": "NVD",
            "id": "CVE-2020-17482"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2020-57064"
          },
          {
            "date": "2021-04-23T08:59:00",
            "db": "JVNDB",
            "id": "JVNDB-2020-012088"
          },
          {
            "date": "2022-01-04T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202009-1634"
          },
          {
            "date": "2024-11-21T05:08:12.210000",
            "db": "NVD",
            "id": "CVE-2020-17482"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "160711"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1634"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PowerDNS Authoritative Server information disclosure vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2020-57064"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1634"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202009-1634"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201907-1556

    Vulnerability from variot - Updated: 2024-11-23 22:06

    A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9 and 4.0.8 that allows a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. PowerDNS Authoritative Server contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS). PowerDNS Authoritative Server is a DNS server of the Dutch PowerDNS company. A security vulnerability exists in PowerDNS Authoritative Server 4.1.8 and earlier. An attacker could exploit the vulnerability by sending a large number of NOTIFY packets to cause a denial of service. PowerDNS Authoritative Server is prone to a denial-of-service vulnerability. PowerDNS Authoritative Server versions 4.1.8 and prior are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512


    Debian Security Advisory DSA-4470-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 23, 2019 https://www.debian.org/security/faq


    Package : pdns CVE ID : CVE-2019-10162 CVE-2019-10163

    Two vulnerabilities have been discovered in pdns, an authoritative DNS server which may result in denial of service via malformed zone records and excessive NOTIFY packets in a master/slave setup.

    For the stable distribution (stretch), these problems have been fixed in version 4.0.3-1+deb9u5.

    We recommend that you upgrade your pdns packages.

    For the detailed security status of pdns please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pdns

    Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0P6LYACgkQEMKTtsN8 Tjbi2RAAqjNYSOlZ5W/yfVxGPO5OiyC8XojhGPuPdVmByyCDTqzgPtZftKHxXfD2 0sdc5/NM7ZNC/3brzRrVlMVRm7/bJvPloeDAGb8bnSzge9Nzz9FB7zcQxc5fdaqA pn7/++FWXDmOVy2NEObcerk/SodAWDpVfmIZP6kH3aIeGs0WrUA/cusmV+C94kgv 6XVJ3IW2dsIQrHvkoBMi4TJg5PrIHW0RruuJHlUSUgTusZ3XQS+hd93dciK7E+an xi0yB5oA6Mb/vw7DzlBRQfkgMiG6p9YRTgXwBdvrxqEVkNYpq9G/xH+nUdE6rDqt M3bG5tUMGCdtywwmwaSGXvkv6/5puPkMRpJIyTeVQTVYMbOgWyovC5sB5T8JytyD tW7qpbv/Mbhw0mmh0m8KoWnegNQhTTn8d3IKCxalB9JYpw3zhkHmfQW79lBRtqCy SvJEhkOVW7yhsWCl+HjKMXphsPST/oeKP3vJx4ET+4n58OfOt9Fm7rx406g2sY2o NsUwTdF3GDD00v0iuF+Vcm2nA6Qj6dOAXlp4kZygjFbDao4iF6lzY4KGDYS/Pn5Z kB4g58ShfWkAE+/WAvF8QVNcICnlI3l9SxwR2NiY/x6O53vkYBWeiJP/OvRQhlPQ Kw4enCb3qrjgb6jMNDPBMe8TjMh92sEqiXPQBy57OcStAjcfxfI= =nUCz -----END PGP SIGNATURE-----


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1556",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "authoritative",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "powerdns",
            "version": "4.1.0"
          },
          {
            "model": "authoritative",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "powerdns",
            "version": "4.0.8"
          },
          {
            "model": "authoritative",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "powerdns",
            "version": "4.1.0"
          },
          {
            "model": "authoritative",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "powerdns",
            "version": "4.1.9"
          },
          {
            "model": "backports",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "sle-15"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.1"
          },
          {
            "model": "leap",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "opensuse",
            "version": "15.0"
          },
          {
            "model": "authoritative",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "powerdns",
            "version": "4.0.0"
          },
          {
            "model": "authoritative server",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "powerdns",
            "version": "4.0.8"
          },
          {
            "model": "authoritative server",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "powerdns",
            "version": "4.1.9"
          },
          {
            "model": "authoritative server",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "powerdns",
            "version": "\u003c=4.1.8"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.1.8"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.1.7"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.1.6"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.1.5"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.1.4"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.1.3"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.1.2"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.1.1"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.1"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.0.7"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.0.6"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.0.5"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.0.4"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.0.3"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.0.2"
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.0.1"
          },
          {
            "model": "authoritative server 4.0.0-rc2",
            "scope": null,
            "trust": 0.3,
            "vendor": "powerdns",
            "version": null
          },
          {
            "model": "authoritative server 4.0.0-beta1",
            "scope": null,
            "trust": 0.3,
            "vendor": "powerdns",
            "version": null
          },
          {
            "model": "authoritative server",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.0.0"
          },
          {
            "model": "authoritative server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.1.9"
          },
          {
            "model": "authoritative server",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "powerdns",
            "version": "4.0.8"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-19481"
          },
          {
            "db": "BID",
            "id": "108878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007437"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10163"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:powerdns:authoritative_server",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007437"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Debian,Gert van Dijk",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-866"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-10163",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-10163",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-19481",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-10163",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "secalert@redhat.com",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.1,
                "id": "CVE-2019-10163",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2019-10163",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-10163",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "secalert@redhat.com",
                "id": "CVE-2019-10163",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-10163",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-19481",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201906-866",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-10163",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-19481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10163"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007437"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-866"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10163"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10163"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue. PowerDNS Authoritative Server contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS). PowerDNS Authoritative Server is a DNS server from the Dutch company PowerDNS. A security vulnerability exists in PowerDNS Authoritative Server 4.1.8 and earlier. An attacker could exploit the vulnerability by sending a large number of NOTIFY packets to cause a denial of service. PowerDNS Authoritative Server is prone to a denial-of-service vulnerability. \nPowerDNS Authoritative Server version 4.1.8 and prior are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4470-1                   security@debian.org\nhttps://www.debian.org/security/                       Moritz Muehlenhoff\nJune 23, 2019                         https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage        : pdns\nCVE ID         : CVE-2019-10162 CVE-2019-10163\n\nTwo vulnerabilities have been discovered in pdns, an authoritative DNS\nserver which may result in denial of service via malformed zone records\nand excessive NOTIFY packets in a master/slave setup. \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.0.3-1+deb9u5. \n\nWe recommend that you upgrade your pdns packages. 
\n\nFor the detailed security status of pdns please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/pdns\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl0P6LYACgkQEMKTtsN8\nTjbi2RAAqjNYSOlZ5W/yfVxGPO5OiyC8XojhGPuPdVmByyCDTqzgPtZftKHxXfD2\n0sdc5/NM7ZNC/3brzRrVlMVRm7/bJvPloeDAGb8bnSzge9Nzz9FB7zcQxc5fdaqA\npn7/++FWXDmOVy2NEObcerk/SodAWDpVfmIZP6kH3aIeGs0WrUA/cusmV+C94kgv\n6XVJ3IW2dsIQrHvkoBMi4TJg5PrIHW0RruuJHlUSUgTusZ3XQS+hd93dciK7E+an\nxi0yB5oA6Mb/vw7DzlBRQfkgMiG6p9YRTgXwBdvrxqEVkNYpq9G/xH+nUdE6rDqt\nM3bG5tUMGCdtywwmwaSGXvkv6/5puPkMRpJIyTeVQTVYMbOgWyovC5sB5T8JytyD\ntW7qpbv/Mbhw0mmh0m8KoWnegNQhTTn8d3IKCxalB9JYpw3zhkHmfQW79lBRtqCy\nSvJEhkOVW7yhsWCl+HjKMXphsPST/oeKP3vJx4ET+4n58OfOt9Fm7rx406g2sY2o\nNsUwTdF3GDD00v0iuF+Vcm2nA6Qj6dOAXlp4kZygjFbDao4iF6lzY4KGDYS/Pn5Z\nkB4g58ShfWkAE+/WAvF8QVNcICnlI3l9SxwR2NiY/x6O53vkYBWeiJP/OvRQhlPQ\nKw4enCb3qrjgb6jMNDPBMe8TjMh92sEqiXPQBy57OcStAjcfxfI=\n=nUCz\n-----END PGP SIGNATURE-----\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-10163"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007437"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-19481"
          },
          {
            "db": "BID",
            "id": "108878"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10163"
          },
          {
            "db": "PACKETSTORM",
            "id": "153381"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-10163",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "108878",
            "trust": 1.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2234",
            "trust": 1.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007437",
            "trust": 0.8
          },
          {
            "db": "PACKETSTORM",
            "id": "153381",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-19481",
            "trust": 0.6
          },
          {
            "db": "AUSCERT",
            "id": "ESB-2019.2436",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-866",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10163",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-19481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10163"
          },
          {
            "db": "BID",
            "id": "108878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007437"
          },
          {
            "db": "PACKETSTORM",
            "id": "153381"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-866"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10163"
          }
        ]
      },
      "id": "VAR-201907-1556",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-19481"
          }
        ],
        "trust": 0.06
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-19481"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:06:07.249000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "PowerDNS Authoritative Server 4.0.8 and 4.1.10 Released",
            "trust": 0.8,
            "url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
          },
          {
            "title": "PowerDNS Security Advisory 2019-05: Denial of service via NOTIFY packets",
            "trust": 0.8,
            "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html"
          },
          {
            "title": "PowerDNS Authoritative Server denial of service vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/165551"
          },
          {
            "title": "PowerDNS Authoritative Server Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94008"
          },
          {
            "title": "Debian Security Advisories: DSA-4470-1 pdns -- security update",
            "trust": 0.1,
            "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=ef0d33d49b08fb003c26be24d917554f"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/Live-Hack-CVE/CVE-2019-10163 "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-19481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10163"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007437"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-866"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-770",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-400",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007437"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10163"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2019-05.html"
          },
          {
            "trust": 1.7,
            "url": "https://blog.powerdns.com/2019/06/21/powerdns-authoritative-server-4-0-8-and-4-1-10-released/"
          },
          {
            "trust": 1.7,
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=cve-2019-10163"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00036.html"
          },
          {
            "trust": 1.7,
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00054.html"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10163"
          },
          {
            "trust": 1.3,
            "url": "http://www.debian.org/security/2019/dsa-4470"
          },
          {
            "trust": 1.2,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2234/"
          },
          {
            "trust": 0.9,
            "url": "http://www.powerdns.com/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10163"
          },
          {
            "trust": 0.7,
            "url": "https://www.securityfocus.com/bid/108878"
          },
          {
            "trust": 0.6,
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00002.html"
          },
          {
            "trust": 0.6,
            "url": "https://www.auscert.org.au/bulletins/esb-2019.2436/"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/powerdns-denial-of-service-via-notify-packets-29602"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/153381/debian-security-advisory-4470-1.html"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/770.html"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/live-hack-cve/cve-2019-10163"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://security-tracker.debian.org/tracker/pdns"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/faq"
          },
          {
            "trust": 0.1,
            "url": "https://www.debian.org/security/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10162"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-19481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10163"
          },
          {
            "db": "BID",
            "id": "108878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007437"
          },
          {
            "db": "PACKETSTORM",
            "id": "153381"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-866"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10163"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-19481"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-10163"
          },
          {
            "db": "BID",
            "id": "108878"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007437"
          },
          {
            "db": "PACKETSTORM",
            "id": "153381"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-866"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-10163"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-19481"
          },
          {
            "date": "2019-07-30T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-10163"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "BID",
            "id": "108878"
          },
          {
            "date": "2019-08-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007437"
          },
          {
            "date": "2019-06-23T19:22:22",
            "db": "PACKETSTORM",
            "id": "153381"
          },
          {
            "date": "2019-06-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-866"
          },
          {
            "date": "2019-07-30T23:15:12.263000",
            "db": "NVD",
            "id": "CVE-2019-10163"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-06-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-19481"
          },
          {
            "date": "2023-02-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-10163"
          },
          {
            "date": "2019-06-21T00:00:00",
            "db": "BID",
            "id": "108878"
          },
          {
            "date": "2019-08-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-007437"
          },
          {
            "date": "2020-10-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201906-866"
          },
          {
            "date": "2024-11-21T04:18:33.233000",
            "db": "NVD",
            "id": "CVE-2019-10163"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-866"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "PowerDNS Authoritative Server Vulnerable to resource exhaustion",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-007437"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "resource management error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201906-866"
          }
        ],
        "trust": 0.6
      }
    }