Approved changes feed: RSS · Atom

cpe:2.3:a:powerdns:powerdns_recursor:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorPowerdns (ef825119-8390-5906-a637-f6692acc90eb)
ProductPowerdns Recursor (be566194-fe6c-5011-8649-7e09105a0543)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:deb/debian/pdns purl2cpe 2026-06-01 10:12:49.238454
pkg:deb/ubuntu/pdns purl2cpe 2026-06-01 10:12:49.238457
pkg:github/powerdns/pdns purl2cpe 2026-06-01 10:12:49.238460
pkg:rpm/fedora/pdns purl2cpe 2026-06-01 10:12:49.238462
pkg:rpm/opensuse/pdns purl2cpe 2026-06-01 10:12:49.238465

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2017-15094 vulnerable 2026-06-08 05:08:57.831708 Details available
An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).
Published: 2018-01-23T15:00:00.000Z
Updated: 2024-09-16T16:48:39.753Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-15093 vulnerable 2026-06-08 05:08:57.831369 Details available
When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.
Published: 2018-01-23T15:00:00.000Z
Updated: 2024-09-17T00:35:38.803Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-15092 vulnerable 2026-06-08 05:08:57.830972 Details available
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.
Published: 2018-01-23T15:00:00.000Z
Updated: 2024-09-17T03:27:42.169Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.