Vulnerabilities > Nlnetlabs > Unbound
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-19 | CVE-2019-18934 | OS Command Injection vulnerability in multiple products Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. | 7.3 |
| 2019-10-03 | CVE-2019-16866 | Use of Uninitialized Resource vulnerability in multiple products Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. | 7.5 |
| 2018-01-23 | CVE-2017-15105 | Improper Input Validation vulnerability in multiple products A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. | 5.0 |
| 2014-12-11 | CVE-2014-8602 | Resource Management Errors vulnerability in multiple products iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. | 4.3 |
| 2011-06-02 | CVE-2009-4008 | Resource Management Errors vulnerability in Nlnetlabs Unbound Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query. | 5.0 |
| 2011-05-31 | CVE-2011-1922 | Resource Management Errors vulnerability in Nlnetlabs Unbound daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling. | 4.3 |
| 2010-03-16 | CVE-2010-0969 | Resource Management Errors vulnerability in Nlnetlabs Unbound Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | 5.0 |
| 2009-10-13 | CVE-2009-3602 | Cryptographic Issues vulnerability in Nlnetlabs Unbound Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses. | 7.5 |