Filtered by vendor Synology Subscriptions
Filtered by product Dns Server Subscriptions
Total 5 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-27615 1 Synology 1 Dns Server 2024-11-21 7.7 High
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors.
CVE-2020-8623 8 Canonical, Debian, Fedoraproject and 5 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-11-21 7.5 High
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker
CVE-2020-8622 9 Canonical, Debian, Fedoraproject and 6 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 6.5 Medium
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
CVE-2020-8621 5 Canonical, Isc, Netapp and 2 more 5 Ubuntu Linux, Bind, Steelstore Cloud Integrated Storage and 2 more 2024-11-21 7.5 High
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected.
CVE-2017-12074 1 Synology 1 Dns Server 2024-11-21 N/A
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.