Vulnerabilities > NIC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-14 | CVE-2023-50387 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. | 7.5 |
| 2023-10-22 | CVE-2023-46317 | Unspecified vulnerability in NIC Knot Resolver Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. | 7.5 |
| 2023-02-21 | CVE-2023-26249 | Allocation of Resources Without Limits or Throttling vulnerability in NIC Knot Resolver Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. | 7.5 |
| 2022-09-23 | CVE-2022-40188 | Algorithmic Complexity vulnerability in multiple products Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. | 7.5 |
| 2022-06-20 | CVE-2022-32983 | Authentication Bypass by Spoofing vulnerability in NIC Knot Resolver Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. | 5.0 |
| 2021-08-25 | CVE-2021-40083 | Reachable Assertion vulnerability in NIC Knot Resolver Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). | 5.0 |
| 2021-06-04 | CVE-2021-26928 | Missing Authentication for Critical Function vulnerability in NIC Bird BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. | 6.8 |
| 2021-03-30 | CVE-2018-1110 | Improper Input Validation vulnerability in NIC Knot Resolver A flaw was found in knot-resolver before version 2.3.0. | 5.0 |
| 2021-01-29 | CVE-2021-3346 | Unspecified vulnerability in NIC Foris Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template. | 7.5 |
| 2020-05-19 | CVE-2020-12667 | Resource Exhaustion vulnerability in NIC Knot Resolver Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. | 7.5 |