Powerdns Recursor
Approved changes feed: RSS · Atom
cpe:2.3:a:powerdns:powerdns_recursor:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Powerdns (ef825119-8390-5906-a637-f6692acc90eb) |
|---|---|
| Product | Powerdns Recursor (be566194-fe6c-5011-8649-7e09105a0543) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/pdns |
purl2cpe | 2026-06-01 10:12:49.238454 |
pkg:deb/ubuntu/pdns |
purl2cpe | 2026-06-01 10:12:49.238457 |
pkg:github/powerdns/pdns |
purl2cpe | 2026-06-01 10:12:49.238460 |
pkg:rpm/fedora/pdns |
purl2cpe | 2026-06-01 10:12:49.238462 |
pkg:rpm/opensuse/pdns |
purl2cpe | 2026-06-01 10:12:49.238465 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-15094 |
vulnerable | 2026-06-08 05:08:57.831708 |
Details available
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).
Published: 2018-01-23T15:00:00.000Z
Updated: 2024-09-16T16:48:39.753Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-15093 |
vulnerable | 2026-06-08 05:08:57.831369 |
Details available
When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.
Published: 2018-01-23T15:00:00.000Z
Updated: 2024-09-17T00:35:38.803Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-15092 |
vulnerable | 2026-06-08 05:08:57.830972 |
Details available
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.
Published: 2018-01-23T15:00:00.000Z
Updated: 2024-09-17T03:27:42.169Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.