Every CVE whose affected-product data names Powerdns Recursor, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2009-4009 — CVSS 10.0 (critical): Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute…
CVE-2020-10030 — CVSS 8.8 (high): An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the…
CVE-2019-3806 — CVSS 8.1 (high): An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received…
CVE-2015-5470 — CVSS 7.8 (high): The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3…
CVE-2015-1868 — CVSS 7.8 (high): The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth)…
CVE-2023-50387 — CVSS 7.5 (high): Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of…
CVE-2009-4010 — CVSS 7.5 (high): Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows remote attackers to spoof DNS data via crafted zones.
CVE-2017-15120 — CVSS 7.5 (high): An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference…
CVE-2022-27227 — CVSS 7.5 (high): In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before…
CVE-2020-25829 — CVSS 7.5 (high): An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the…
CVE-2020-12244 — CVSS 7.5 (high): An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA…
CVE-2018-16855 — CVSS 7.5 (high): An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds…
CVE-2023-50868 — CVSS 7.5 (high): The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a…
CVE-2020-10995 — CVSS 7.5 (high): PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS…
CVE-2006-4251 — CVSS 7.5 (high): Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query…
CVE-2023-22617 — CVSS 7.5 (high): A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a…
CVE-2008-3217 — CVSS 6.8 (medium): PowerDNS Recursor before 3.1.6 does not always use the strongest random number generator for source port selection, which makes it easier…
CVE-2008-1637 — CVSS 6.8 (medium): PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it…
CVE-2022-37428 — CVSS 6.5 (medium): PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown…
CVE-2017-15092 — CVSS 6.1 (medium): A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname…
CVE-2017-15090 — CVSS 5.9 (medium): An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the…
CVE-2017-15094 — CVSS 5.9 (medium): An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when…
CVE-2026-33261 — CVSS 5.9 (medium): A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service.
CVE-2026-33262 — CVSS 5.9 (medium): An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of…
CVE-2020-14196 — CVSS 5.3 (medium): In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not…
CVE-2018-14626 — CVSS 5.3 (medium): PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet…
CVE-2018-10851 — CVSS 5.3 (medium): PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9…
CVE-2025-59029 — CVSS 5.3 (medium): An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache…
CVE-2026-0398 — CVSS 5.3 (medium): Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.
CVE-2026-33256 — CVSS 5.3 (medium): An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The…
CVE-2026-33257 — CVSS 5.3 (medium): An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The…
CVE-2026-33258 — CVSS 5.3 (medium): By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches.
CVE-2026-33260 — CVSS 5.3 (medium): An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The…
CVE-2018-14644 — CVSS 5.3 (medium): An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type…
CVE-2017-15093 — CVSS 5.3 (medium): When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including…
CVE-2016-7074 — CVSS 5.3 (medium): An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of…
CVE-2016-7073 — CVSS 5.3 (medium): An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of…
CVE-2016-7068 — CVSS 5.3 (medium): An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote…
CVE-2006-4252 — CVSS 5.0 (medium): PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a…
CVE-2026-33259 — CVSS 5.0 (medium): Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally…
CVE-2014-8601 — CVSS 5.0 (medium): PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance…
CVE-2026-33600 — CVSS 4.4 (medium): An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading…
CVE-2026-33601 — CVSS 4.4 (medium): If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer…
CVE-2019-3807 — CVSS 3.7 (low): An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from…
CVE-2018-1000003 — CVSS 3.7 (low): Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to…
CVE-2023-26437 — CVSS 3.4 (low): Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor…