Vulnerabilities > Nlnetlabs > Unbound > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-03 | CVE-2024-8508 | Improper Validation of Specified Quantity in Input vulnerability in multiple products NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. | 5.3 |
| 2022-08-01 | CVE-2022-30698 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |
| 2022-08-01 | CVE-2022-30699 | Insufficient Session Expiration vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. | 6.5 |
| 2021-04-27 | CVE-2019-25031 | Injection vulnerability in multiple products Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. | 5.9 |
| 2020-12-07 | CVE-2020-28935 | Link Following vulnerability in multiple products NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. | 5.5 |
| 2018-01-23 | CVE-2017-15105 | Improper Input Validation vulnerability in multiple products A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. | 5.3 |