Vulnerabilities > Knot DNS
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-08 | CVE-2017-11104 | Improper Input Validation vulnerability in multiple products Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. | 5.9 |
2017-02-09 | CVE-2016-6171 | Resource Exhaustion vulnerability in Knot-Dns Knot DNS 2.1.1/2.2.0/2.2.1 Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. | 8.6 |