Filtered by vendor Nlnetlabs
Subscriptions
Total
50 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-5661 | 4 Isc, Nic, Nlnetlabs and 1 more | 4 Bind, Knot Resolver, Nsd and 1 more | 2024-08-06 | 5.9 Medium |
Cache Poisoning issue exists in DNS Response Rate Limiting. | ||||
CVE-2014-8602 | 4 Canonical, Debian, Nlnetlabs and 1 more | 4 Ubuntu Linux, Debian Linux, Unbound and 1 more | 2024-08-06 | N/A |
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals. | ||||
CVE-2014-3209 | 1 Nlnetlabs | 1 Ldns | 2024-08-06 | N/A |
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. | ||||
CVE-2016-6173 | 1 Nlnetlabs | 1 Nsd | 2024-08-06 | N/A |
NSD before 4.1.11 allows remote DNS master servers to cause a denial of service (/tmp disk consumption and slave server crash) via a zone transfer with unlimited data. | ||||
CVE-2017-1000232 | 1 Nlnetlabs | 1 Ldns | 2024-08-05 | N/A |
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. | ||||
CVE-2017-1000231 | 1 Nlnetlabs | 1 Ldns | 2024-08-05 | N/A |
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. | ||||
CVE-2019-25042 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-08-05 | 9.8 Critical |
Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
CVE-2019-25041 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-08-05 | 7.5 High |
Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
CVE-2019-25040 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-08-05 | 7.5 High |
Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
CVE-2019-25039 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-08-05 | 9.8 Critical |
Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
CVE-2019-25038 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-08-05 | 9.8 Critical |
Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
CVE-2019-25037 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-08-05 | 7.5 High |
Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
CVE-2019-25036 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-08-05 | 7.5 High |
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
CVE-2019-25035 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-08-05 | 9.8 Critical |
Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
CVE-2019-25034 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-08-05 | 9.8 Critical |
Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
CVE-2019-25033 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-08-05 | 9.8 Critical |
Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
CVE-2019-25032 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-08-05 | 9.8 Critical |
Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
CVE-2019-25031 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-08-05 | 5.9 Medium |
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation | ||||
CVE-2019-18934 | 4 Fedoraproject, Nlnetlabs, Opensuse and 1 more | 4 Fedora, Unbound, Leap and 1 more | 2024-08-05 | 7.3 High |
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration. | ||||
CVE-2019-16866 | 2 Canonical, Nlnetlabs | 2 Ubuntu Linux, Unbound | 2024-08-05 | 7.5 High |
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. |