Filtered by vendor Nlnetlabs Subscriptions
Filtered by product Unbound Subscriptions
Total 29 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-25031 2 Debian, Nlnetlabs 2 Debian Linux, Unbound 2024-11-21 5.9 Medium
Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation
CVE-2019-18934 4 Fedoraproject, Nlnetlabs, Opensuse and 1 more 4 Fedora, Unbound, Leap and 1 more 2024-11-21 7.3 High
Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
CVE-2019-16866 2 Canonical, Nlnetlabs 2 Ubuntu Linux, Unbound 2024-11-21 7.5 High
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
CVE-2017-15105 3 Canonical, Debian, Nlnetlabs 3 Ubuntu Linux, Debian Linux, Unbound 2024-11-21 N/A
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
CVE-2014-8602 4 Canonical, Debian, Nlnetlabs and 1 more 4 Ubuntu Linux, Debian Linux, Unbound and 1 more 2024-11-21 N/A
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
CVE-2011-1922 1 Nlnetlabs 1 Unbound 2024-11-21 N/A
daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.
CVE-2010-0969 1 Nlnetlabs 1 Unbound 2024-11-21 N/A
Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.
CVE-2009-4008 1 Nlnetlabs 1 Unbound 2024-11-21 N/A
Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.
CVE-2009-3602 1 Nlnetlabs 1 Unbound 2024-11-21 N/A
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.