Filtered by vendor Nlnetlabs
Subscribe
Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25037 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25036 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25035 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25034 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25033 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25032 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | |||||
| CVE-2019-25031 | 2 Debian, Nlnetlabs | 2 Debian Linux, Unbound | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the community that facilitates automatic configuration creation. It is not part of the Unbound installation | |||||