Vulnerabilities > Nlnetlabs

DATE CVE VULNERABILITY TITLE RISK
2021-04-27 CVE-2019-25040 Infinite Loop vulnerability in multiple products
Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy.
network
low complexity
nlnetlabs debian CWE-835
7.5
7.5
2021-04-27 CVE-2019-25033 Integer Overflow or Wraparound vulnerability in multiple products
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro.
network
low complexity
nlnetlabs debian CWE-190
critical
 9.8
9.8
2021-04-27 CVE-2019-25038 Integer Overflow or Wraparound vulnerability in multiple products
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c.
network
low complexity
nlnetlabs debian CWE-190
critical
 9.8
9.8
2021-04-27 CVE-2019-25037 Reachable Assertion vulnerability in multiple products
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet.
network
low complexity
nlnetlabs debian CWE-617
7.5
7.5
2021-04-27 CVE-2019-25036 Reachable Assertion vulnerability in multiple products
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname.
network
low complexity
nlnetlabs debian CWE-617
7.5
7.5
2021-04-27 CVE-2019-25035 Out-of-bounds Write vulnerability in multiple products
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par.
network
low complexity
nlnetlabs debian CWE-787
critical
 9.8
9.8
2021-04-27 CVE-2019-25031 Injection vulnerability in multiple products
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session.
network
high complexity
nlnetlabs debian CWE-74
5.9
5.9
2020-12-07 CVE-2020-28935 Link Following vulnerability in multiple products
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack.
local
low complexity
nlnetlabs debian CWE-59
5.5
5.5
2020-11-27 CVE-2020-10772 Resource Exhaustion vulnerability in Nlnetlabs Unbound 1.6.65
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414.
network
low complexity
nlnetlabs CWE-400
7.5
7.5
2020-08-05 CVE-2020-17366 Improper Certificate Validation vulnerability in Nlnetlabs Routinator
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1.
network
high complexity
nlnetlabs CWE-295
7.4
7.4