Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 12 SP1 package pdns-recursor, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2020-10030 — CVSS 8.8 (high): An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the…
CVE-2019-3806 — CVSS 8.1 (high): An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received…
CVE-2018-16855 — CVSS 7.5 (high): An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds…
CVE-2020-12244 — CVSS 7.5 (high): An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA…
CVE-2020-25829 — CVSS 7.5 (high): An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the…
CVE-2020-10995 — CVSS 7.5 (high): PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS…
CVE-2018-10851 — CVSS 5.3 (medium): PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9…
CVE-2018-14626 — CVSS 5.3 (medium): PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet…
CVE-2020-14196 — CVSS 5.3 (medium): In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not…
CVE-2018-14644 — CVSS 5.3 (medium): An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type…
CVE-2019-3807 — CVSS 3.7 (low): An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from…
CVE-2018-1000003 — CVSS 3.7 (low): Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to…