Vulnerabilities > Nlnetlabs > Unbound > 1.6.6

DATE CVE VULNERABILITY TITLE RISK
2019-11-19 CVE-2019-18934 OS Command Injection vulnerability in multiple products
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer.
network
low complexity
nlnetlabs fedoraproject opensuse CWE-78
7.3
7.3
2019-10-03 CVE-2019-16866 Use of Uninitialized Resource vulnerability in multiple products
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query.
network
low complexity
nlnetlabs canonical CWE-908
7.5
7.5
2018-01-23 CVE-2017-15105 Improper Input Validation vulnerability in multiple products
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records.
network
low complexity
nlnetlabs debian canonical CWE-20
5.3
5.3