Vulnerabilities > NIC

DATE CVE VULNERABILITY TITLE RISK
2019-12-16 CVE-2019-19331 Improper Resource Shutdown or Release vulnerability in multiple products
knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization.
network
low complexity
nic debian CWE-404
7.5
7.5
2019-11-05 CVE-2013-5661 Authentication Bypass by Spoofing vulnerability in multiple products
Cache Poisoning issue exists in DNS Response Rate Limiting.
network
high complexity
isc nlnetlabs nic redhat CWE-290
5.9
5.9
2019-09-09 CVE-2019-16159 Out-of-bounds Write vulnerability in multiple products
BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow.
network
low complexity
nic opensuse fedoraproject debian CWE-787
7.5
7.5
2019-07-16 CVE-2019-10191 A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.
network
low complexity
nic fedoraproject
7.5
7.5
2019-07-16 CVE-2019-10190 A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer.
network
low complexity
nic fedoraproject
7.5
7.5
2018-08-02 CVE-2018-10920 Improper Input Validation vulnerability in NIC Knot Resolver
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
network
high complexity
nic CWE-20
6.8
6.8
2018-03-27 CVE-2014-0486 Improper Input Validation vulnerability in NIC Knot CMS
Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.
network
low complexity
nic CWE-20
7.5
7.5
2018-01-22 CVE-2018-1000002 Improper Input Validation vulnerability in NIC Knot Resolver
Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
network
high complexity
nic CWE-20
3.7
3.7