Vulnerabilities > Nlnetlabs
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-19 | CVE-2020-12663 | Infinite Loop vulnerability in multiple products Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | 7.5 |
| 2020-05-19 | CVE-2020-12662 | Resource Exhaustion vulnerability in multiple products Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. | 7.5 |
| 2019-11-19 | CVE-2019-18934 | OS Command Injection vulnerability in multiple products Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. | 7.3 |
| 2019-11-05 | CVE-2013-5661 | Authentication Bypass by Spoofing vulnerability in multiple products Cache Poisoning issue exists in DNS Response Rate Limiting. | 2.6 |
| 2019-10-03 | CVE-2019-16866 | Use of Uninitialized Resource vulnerability in multiple products Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. | 7.5 |
| 2019-07-03 | CVE-2019-13207 | Out-of-bounds Write vulnerability in Nlnetlabs Name Server Daemon 4.2.0 nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c. | 9.8 |
| 2018-01-23 | CVE-2017-15105 | Improper Input Validation vulnerability in multiple products A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. | 5.0 |
| 2017-11-17 | CVE-2017-1000232 | Double Free vulnerability in Nlnetlabs Ldns 1.7.0 A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. | 7.5 |
| 2017-11-17 | CVE-2017-1000231 | Double Free vulnerability in Nlnetlabs Ldns 1.7.0 A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. | 7.5 |
| 2017-02-09 | CVE-2016-6173 | Resource Management Errors vulnerability in Nlnetlabs NSD NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. | 7.8 |