Vulnerabilities > Nlnetlabs
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-27 | CVE-2020-10772 | Resource Exhaustion vulnerability in Nlnetlabs Unbound 1.6.65 An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. | 7.5 |
2020-08-05 | CVE-2020-17366 | Improper Certificate Validation vulnerability in Nlnetlabs Routinator An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. | 7.4 |
2020-05-19 | CVE-2020-12663 | Infinite Loop vulnerability in multiple products Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | 7.5 |
2020-05-19 | CVE-2020-12662 | Resource Exhaustion vulnerability in multiple products Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. | 7.5 |
2019-11-19 | CVE-2019-18934 | OS Command Injection vulnerability in multiple products Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. | 7.3 |
2019-11-05 | CVE-2013-5661 | Authentication Bypass by Spoofing vulnerability in multiple products Cache Poisoning issue exists in DNS Response Rate Limiting. | 5.9 |
2019-10-03 | CVE-2019-16866 | Use of Uninitialized Resource vulnerability in multiple products Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. | 7.5 |
2019-07-03 | CVE-2019-13207 | Out-of-bounds Write vulnerability in Nlnetlabs Name Server Daemon 4.2.0 nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c. | 9.8 |
2018-01-23 | CVE-2017-15105 | Improper Input Validation vulnerability in multiple products A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. | 5.3 |
2017-11-17 | CVE-2017-1000232 | Double Free vulnerability in Nlnetlabs Ldns 1.7.0 A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. | 9.8 |