Filtered by vendor Nlnetlabs
Subscribe
Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12663 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. | |||||
| CVE-2020-12662 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | |||||
| CVE-2020-10772 | 2 Nlnetlabs, Redhat | 2 Unbound, Enterprise Linux | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound. | |||||
| CVE-2019-25042 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25041 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25040 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25039 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25038 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25037 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25036 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25035 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25034 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25033 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25032 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25031 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2026-06-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation | |||||
| CVE-2019-18934 | 3 Fedoraproject, Nlnetlabs, Opensuse | 3 Fedora, Unbound, Leap | 2026-06-17 | 6.8 MEDIUM | 7.3 HIGH |
| Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration. | |||||
| CVE-2019-16866 | 2 Canonical, Nlnetlabs | 2 Ubuntu Linux, Unbound | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. | |||||
| CVE-2019-13207 | 1 Nlnetlabs | 1 Name Server Daemon | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c. | |||||
| CVE-2017-15105 | 3 Canonical, Debian, Nlnetlabs | 3 Ubuntu Linux, Debian Linux, Unbound | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. | |||||
| CVE-2017-1000232 | 1 Nlnetlabs | 1 Ldns | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. | |||||