Vulnerabilities > NIC > Knot Resolver

DATE CVE VULNERABILITY TITLE RISK
2019-07-16 CVE-2019-10191 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.
network
low complexity
nic fedoraproject CWE-20
7.5
2019-07-16 CVE-2019-10190 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer.
network
low complexity
nic fedoraproject CWE-20
7.5
2018-08-02 CVE-2018-10920 Improper Input Validation vulnerability in NIC Knot Resolver
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
network
nic CWE-20
4.3
2018-01-22 CVE-2018-1000002 Improper Input Validation vulnerability in NIC Knot Resolver
Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
network
nic CWE-20
4.3