Approved changes feed: RSS · Atom
cpe:2.3:a:open-xchange:pdns:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Open Xchange (85b486f1-55be-55d2-8b83-a25950d10c23) |
|---|---|
| Product | Pdns (f43233f8-b69c-5b63-a9c4-3d1201e17969) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2016-7074 |
vulnerable | 2026-06-03 14:36:06.809603 |
Details available
MEDIUM (5.3)
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.
Published: 2018-09-11T13:00:00.000Z
Updated: 2024-08-06T01:50:47.469Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-7073 |
vulnerable | 2026-06-03 14:36:06.809161 |
Details available
MEDIUM (5.3)
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.
Published: 2018-09-11T13:00:00.000Z
Updated: 2024-08-06T01:50:47.448Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-7072 |
vulnerable | 2026-06-03 14:36:06.808727 |
Details available
MEDIUM (5.3)
An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible.
Published: 2018-09-10T17:00:00.000Z
Updated: 2024-08-06T01:50:47.436Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-7068 |
vulnerable | 2026-06-03 14:36:06.800109 |
Details available
MEDIUM (5.3)
An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.
Published: 2018-09-11T13:00:00.000Z
Updated: 2024-08-06T01:50:47.232Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.