Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nlnetlabs unbound vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2019-25031
Unbound prior to 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a co...
Nlnetlabs Unbound
Debian Debian Linux 9.0
5.5
CVSSv3
CVE-2020-28935
NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an exis...
Nlnetlabs Unbound
Nlnetlabs Name Server Daemon
Debian Debian Linux 9.0
5.3
CVSSv3
CVE-2017-15105
A flaw was found in the way unbound prior to 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
Nlnetlabs Unbound
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 17.10
1 Github repository
NA
CVE-2014-8602
iterator.c in NLnet Labs Unbound prior to 1.5.1 does not limit delegation chaining, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
Nlnetlabs Unbound
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
Debian Debian Linux 7.0
NA
CVE-2011-4528
Unbound prior to 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.
Unbound Unbound 1.4.6
Unbound Unbound 1.4.5
Unbound Unbound 1.3.3
Unbound Unbound 1.3.2
Unbound Unbound 1.0.2
Unbound Unbound 1.0.1
Unbound Unbound 1.0.0
Unbound Unbound 0.7
Unbound Unbound 0.6
Unbound Unbound 1.4.12
Unbound Unbound
Unbound Unbound 1.4.10
Unbound Unbound 1.4.9
Unbound Unbound 1.4.2
Unbound Unbound 1.4.1
Unbound Unbound 1.2.1
Unbound Unbound 1.2.0
Unbound Unbound 0.09
Unbound Unbound 0.8
Unbound Unbound 0.3
Unbound Unbound 0.2
Unbound Unbound 1.4.8
NA
CVE-2009-4008
Unbound prior to 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote malicious users to cause a denial of service (DNSSEC outage) via a crafted query.
Nlnetlabs Unbound 1.0.1
Nlnetlabs Unbound 1.0.2
Nlnetlabs Unbound 0.8
Nlnetlabs Unbound 0.7.2
Nlnetlabs Unbound 1.4.1
Nlnetlabs Unbound 1.4.0
Nlnetlabs Unbound 1.3.4
Nlnetlabs Unbound 1.4.2
Nlnetlabs Unbound 1.2.0
Nlnetlabs Unbound 1.0.0
Nlnetlabs Unbound 0.7.1
Nlnetlabs Unbound 1.1.1
Nlnetlabs Unbound 0.6
Nlnetlabs Unbound 0.4
Nlnetlabs Unbound 1.3.0
Nlnetlabs Unbound 1.3.1
Nlnetlabs Unbound 1.3.2
Nlnetlabs Unbound 1.3.3
Nlnetlabs Unbound 0.10
Nlnetlabs Unbound 0.09
Nlnetlabs Unbound 0.2
Nlnetlabs Unbound 0.1
NA
CVE-2011-1922
daemon/worker.c in Unbound 1.x prior to 1.4.10, when debugging functionality and the interface-automatic option are enabled, allows remote malicious users to cause a denial of service (assertion failure and daemon exit) via a crafted DNS request that triggers improper error handl...
Nlnetlabs Unbound 1.0.0
Nlnetlabs Unbound 1.3.1
Nlnetlabs Unbound 1.3.2
Nlnetlabs Unbound 1.4.4
Nlnetlabs Unbound 1.4.5
Nlnetlabs Unbound 1.1.0
Nlnetlabs Unbound 1.2.0
Nlnetlabs Unbound 1.4.0
Nlnetlabs Unbound 1.4.1
Nlnetlabs Unbound 1.4.8
Nlnetlabs Unbound 1.4.9
Nlnetlabs Unbound 1.2.1
Nlnetlabs Unbound 1.3.0
Nlnetlabs Unbound 1.4.2
Nlnetlabs Unbound 1.4.3
Nlnetlabs Unbound 1.1.1
Nlnetlabs Unbound 1.0.1
Nlnetlabs Unbound 1.0.2
Nlnetlabs Unbound 1.3.3
Nlnetlabs Unbound 1.3.4
Nlnetlabs Unbound 1.4.6
Nlnetlabs Unbound 1.4.7
NA
CVE-2010-0969
Unbound prior to 1.4.3 does not properly align structures on 64-bit platforms, which allows remote malicious users to cause a denial of service (daemon crash) via unspecified vectors.
Nlnetlabs Unbound 1.3.1
Nlnetlabs Unbound 1.3.2
Nlnetlabs Unbound 1.3.3
Nlnetlabs Unbound 1.1.0
Nlnetlabs Unbound 0.2
Nlnetlabs Unbound 0.1
Nlnetlabs Unbound 0.0
Nlnetlabs Unbound 0.6
Nlnetlabs Unbound 1.0.2
Nlnetlabs Unbound 0.8
Nlnetlabs Unbound 0.7.2
Nlnetlabs Unbound 0.7.1
Nlnetlabs Unbound 1.4.0
Nlnetlabs Unbound 1.3.4
Nlnetlabs Unbound
Nlnetlabs Unbound 1.3.0
Nlnetlabs Unbound 1.2.0
Nlnetlabs Unbound 1.0.0
Nlnetlabs Unbound 1.1.1
Nlnetlabs Unbound 0.10
Nlnetlabs Unbound 0.4
Nlnetlabs Unbound 1.4.1
NA
CVE-2009-3602
Unbound prior to 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote malicious users to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in conjunction with crafted delegation responses.
Nlnetlabs Unbound 1.3.2
Nlnetlabs Unbound 1.3.1
Nlnetlabs Unbound 1.0.1
Nlnetlabs Unbound 1.0.0
Nlnetlabs Unbound 0.7
Nlnetlabs Unbound 0.6
Nlnetlabs Unbound 1.2.0
Nlnetlabs Unbound 1.1.1
Nlnetlabs Unbound 0.09
Nlnetlabs Unbound 0.8
Nlnetlabs Unbound 0.3
Nlnetlabs Unbound 0.2
Nlnetlabs Unbound 0.1
Nlnetlabs Unbound
Nlnetlabs Unbound 1.1.0
Nlnetlabs Unbound 1.0.2
Nlnetlabs Unbound 0.7.2
Nlnetlabs Unbound 0.7.1
Nlnetlabs Unbound 0.0
Nlnetlabs Unbound 1.3.0
Nlnetlabs Unbound 1.2.1
Nlnetlabs Unbound 0.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3