Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Nlnetlabs Subscribe
Filtered by product Unbound
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16866 2 Canonical, Nlnetlabs 2 Ubuntu Linux, Unbound 2020-08-24 5.0 MEDIUM 7.5 HIGH
Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
CVE-2017-15105 3 Canonical, Debian, Nlnetlabs 3 Ubuntu Linux, Debian Linux, Unbound 2019-10-09 5.0 MEDIUM 5.3 MEDIUM
A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
CVE-2011-1922 1 Nlnetlabs 1 Unbound 2017-08-16 4.3 MEDIUM N/A
daemon/worker.c in Unbound 1.x before 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handling.
CVE-2009-3602 1 Nlnetlabs 1 Unbound 2017-08-16 7.5 HIGH N/A
Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
CVE-2014-8602 3 Canonical, Debian, Nlnetlabs 3 Ubuntu Linux, Debian Linux, Unbound 2016-11-28 4.3 MEDIUM N/A
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
CVE-2009-4008 1 Nlnetlabs 1 Unbound 2011-06-13 5.0 MEDIUM N/A
Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.
CVE-2010-0969 1 Nlnetlabs 1 Unbound 2011-06-01 5.0 MEDIUM N/A
Unbound before 1.4.3 does not properly align structures on 64-bit platforms, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.