Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
authoritative server vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv2
CVE-2017-14339
The DNS packet parser in YADIFA prior to 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.
Yadifa Yadifa
7.8
CVSSv2
CVE-2014-8500
ISC BIND 9.0.x up to and including 9.8.x, 9.9.0 up to and including 9.9.6, and 9.10.0 up to and including 9.10.1 does not limit delegation chaining, which allows remote malicious users to cause a denial of service (memory consumption and named crash) via a large or infinite numbe...
Isc Bind 9.1
Isc Bind 9.1.1
Isc Bind 9.2.3
Isc Bind 9.2.4
Isc Bind 9.3.0
Isc Bind 9.3.1
Isc Bind 9.4.1
Isc Bind 9.4.2
Isc Bind 9.6.0
Isc Bind 9.6.1
Isc Bind 9.7.4
Isc Bind 9.7.5
Isc Bind 9.8.5
Isc Bind 9.8.6
Isc Bind 9.9.6
Isc Bind 9.10.0
Isc Bind 9.0
Isc Bind 9.0.1
Isc Bind 9.2.1
Isc Bind 9.2.2
Isc Bind 9.2.9
Isc Bind 9.3
2 Github repositories
5
CVSSv2
CVE-2010-0218
ISC BIND 9.7.2 up to and including 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote malicious users to obtain potentially sensitive information via a DNS query.
Isc Bind 9.7.2
5
CVSSv2
CVE-2011-2464
Unspecified vulnerability in ISC BIND 9 9.6.x prior to 9.6-ESV-R4-P3, 9.7.x prior to 9.7.3-P3, and 9.8.x prior to 9.8.0-P4 allows remote malicious users to cause a denial of service (named daemon crash) via a crafted UPDATE request.
Isc Bind 9.6.3
Isc Bind 9.6.1
Isc Bind 9.6.2
Isc Bind 9.6.0
Isc Bind 9.6
Isc Bind 9.7.0
Isc Bind 9.7.2
Isc Bind 9.7.3
Isc Bind 9.7.1
Isc Bind 9.7.2b1
Isc Bind 9.8.0
Isc Bind 9.8.1
4.3
CVSSv2
CVE-2017-3140
If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.
Isc Bind 9.9.10
Isc Bind 9.10.5
Isc Bind
Netapp Oncommand Balance -
Netapp Element Software -
Netapp Data Ontap Edge -
5
CVSSv2
CVE-2020-12662
Unbound prior to 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
Nlnetlabs Unbound
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
5
CVSSv2
CVE-2017-15120
An issue has been found in the parsing of authoritative answers in PowerDNS Recursor prior to 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a den...
Powerdns Recursor
Debian Debian Linux 8.0
Debian Debian Linux 9.0
1 Github repository
5
CVSSv2
CVE-2008-0061
MaraDNS 1.0 prior to 1.0.41, 1.2 prior to 1.2.12.08, and 1.3 prior to 1.3.07.04 allows remote malicious users to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records.&...
Maradns Maradns 1.0.00
Maradns Maradns 1.0.07
Maradns Maradns 1.0.08
Maradns Maradns 1.0.09
Maradns Maradns 1.0.16
Maradns Maradns 1.0.17
Maradns Maradns 1.0.24
Maradns Maradns 1.0.25
Maradns Maradns 1.0.33
Maradns Maradns 1.0.34
Maradns Maradns 1.2.12.02
Maradns Maradns 1.2.12.03
Maradns Maradns 1.3.03
Maradns Maradns 1.3.04
Maradns Maradns 1.0.01
Maradns Maradns 1.0.02
Maradns Maradns 1.0.10
Maradns Maradns 1.0.11
Maradns Maradns 1.0.18
Maradns Maradns 1.0.19
Maradns Maradns 1.0.26
Maradns Maradns 1.0.27
5
CVSSv2
CVE-2012-2978
query.c in NSD 3.0.x up to and including 3.0.8, 3.1.x up to and including 3.1.1, and 3.2.x prior to 3.2.12 allows remote malicious users to cause a denial of service (NULL pointer dereference and child process crash) via a crafted DNS packet.
Nlnetlabs Nsd 3.0.2
Nlnetlabs Nsd 3.0.1
Nlnetlabs Nsd 3.0.0
Nlnetlabs Nsd 3.0.8
Nlnetlabs Nsd 3.0.7
Nlnetlabs Nsd 3.0.4
Nlnetlabs Nsd 3.0.3
Nlnetlabs Nsd 3.0.6
Nlnetlabs Nsd 3.0.5
Nlnetlabs Nsd 3.1.1
Nlnetlabs Nsd 3.1.0
Nlnetlabs Nsd 3.2.5
Nlnetlabs Nsd 3.2.6
Nlnetlabs Nsd 3.2.3
Nlnetlabs Nsd 3.2.4
Nlnetlabs Nsd 3.2.7
Nlnetlabs Nsd 3.2.8
Nlnetlabs Nsd 3.2.9
Nlnetlabs Nsd 3.2.1
Nlnetlabs Nsd 3.2.0
Nlnetlabs Nsd 3.2.10
4
CVSSv2
CVE-2020-10955
GitLab EE/CE 11.1 up to and including 12.9 is vulnerable to parameter tampering on an upload feature that allows an unauthorized user to read content available under specific folders.
Gitlab Gitlab
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »