Vulnerabilities > Nlnetlabs

DATE CVE VULNERABILITY TITLE RISK
2020-11-27 CVE-2020-10772 Resource Exhaustion vulnerability in Nlnetlabs Unbound 1.6.65
An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414.
network
low complexity
nlnetlabs CWE-400
7.5
2020-08-05 CVE-2020-17366 Improper Certificate Validation vulnerability in Nlnetlabs Routinator
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1.
network
high complexity
nlnetlabs CWE-295
7.4
2020-05-19 CVE-2020-12663 Infinite Loop vulnerability in multiple products
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
7.5
2020-05-19 CVE-2020-12662 Resource Exhaustion vulnerability in multiple products
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue.
7.5
2019-11-19 CVE-2019-18934 OS Command Injection vulnerability in multiple products
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer.
network
low complexity
nlnetlabs fedoraproject opensuse CWE-78
7.3
2019-11-05 CVE-2013-5661 Authentication Bypass by Spoofing vulnerability in multiple products
Cache Poisoning issue exists in DNS Response Rate Limiting.
network
high complexity
isc nlnetlabs nic redhat CWE-290
5.9
2019-10-03 CVE-2019-16866 Use of Uninitialized Resource vulnerability in multiple products
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query.
network
low complexity
nlnetlabs canonical CWE-908
7.5
2019-07-03 CVE-2019-13207 Out-of-bounds Write vulnerability in Nlnetlabs Name Server Daemon 4.2.0
nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c.
network
low complexity
nlnetlabs CWE-787
critical
9.8
2018-01-23 CVE-2017-15105 Improper Input Validation vulnerability in multiple products
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records.
network
low complexity
nlnetlabs debian canonical CWE-20
5.3
2017-11-17 CVE-2017-1000232 Double Free vulnerability in Nlnetlabs Ldns 1.7.0
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
network
low complexity
nlnetlabs CWE-415
critical
9.8