Vulnerabilities > Nlnetlabs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-13 | CVE-2023-39916 | Path Traversal vulnerability in Nlnetlabs Routinator NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. | 6.5 |
| 2022-08-01 | CVE-2022-30698 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |
| 2022-08-01 | CVE-2022-30699 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |
| 2022-01-21 | CVE-2020-19860 | Out-of-bounds Read vulnerability in Nlnetlabs Ldns 1.7.1 When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. | 4.3 |
| 2021-11-09 | CVE-2021-43172 | Infinite Loop vulnerability in Nlnetlabs Routinator NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a validation run. | 5.0 |
| 2021-11-09 | CVE-2021-43173 | Resource Exhaustion vulnerability in multiple products In NLnet Labs Routinator prior to 0.10.2, a validation run can be delayed significantly by an RRDP repository by not answering but slowly drip-feeding bytes to keep the connection alive. | 5.0 |
| 2021-11-09 | CVE-2021-43174 | Out-of-bounds Write vulnerability in multiple products NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. | 5.0 |
| 2021-09-21 | CVE-2021-41531 | Improper Input Validation vulnerability in Nlnetlabs Routinator NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. | 5.0 |
| 2021-04-27 | CVE-2019-25031 | Injection vulnerability in multiple products Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. | 5.9 |
| 2020-12-07 | CVE-2020-28935 | Link Following vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. | 5.5 |