Vulmon
unbound unbound vulnerabilities and exploits
7.3
CVSSv3
CVE-2019-18934
Unbound 1.6.4 up to and including 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled a...
Nlnetlabs Unbound
Fedoraproject Fedora 31
Opensuse Leap 15.1
Opensuse Leap 15.2
7.5
CVSSv3
CVE-2019-16866
Unbound prior to 1.9.4 accesses uninitialized memory, which allows remote malicious users to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
Nlnetlabs Unbound
Canonical Ubuntu Linux 19.04
6.1
CVSSv3
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
128 Github repositories
5.9
CVSSv3
CVE-2018-11412
In the Linux kernel 4.13 up to and including 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
Linux Linux Kernel
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
1 EDB exploit
8.1
CVSSv3
CVE-2018-1256
Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which us...
Vmware Spring Cloud Sso Connector 2.1.2
5.3
CVSSv3
CVE-2017-15105
A flaw was found in the way unbound prior to 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
Nlnetlabs Unbound
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 17.10
1 Github repository
9.1
CVSSv3
CVE-2015-8776
The strftime function in the GNU C Library (aka glibc or libc6) prior to 2.23 allows context-dependent malicious users to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Debuginfo 11
Suse Linux Enterprise Server 11
Suse Linux Enterprise Software Development Kit 12
Suse Suse Linux Enterprise Server 12
Opensuse Opensuse 13.2
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 12
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.10
Debian Debian Linux 8.0
Fedoraproject Fedora 23
Gnu Glibc
NA
CVE-2014-8602
iterator.c in NLnet Labs Unbound prior to 1.5.1 does not limit delegation chaining, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
Nlnetlabs Unbound
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
Debian Debian Linux 7.0
NA
CVE-2012-1192
The resolver in Unbound prior to 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote malicious users to trigger continued resolvability of revoked domain names via a "ghost domain na...
Unbound Unbound
Unbound Unbound 1.4.9
Unbound Unbound 1.4.8
Unbound Unbound 1.4.7
Unbound Unbound 1.2.0
Unbound Unbound 1.1.1
Unbound Unbound 1.1.0
Unbound Unbound 1.0.2
Unbound Unbound 0.3
Unbound Unbound 0.2
Unbound Unbound 0.1
Unbound Unbound 0.0
Unbound Unbound 1.4.5
Unbound Unbound 1.4.3
Unbound Unbound 1.3.1
Unbound Unbound 1.2.1
Unbound Unbound 1.0.1
Unbound Unbound 0.11
Unbound Unbound 0.6
Unbound Unbound 0.4
Unbound Unbound 1.4.2
Unbound Unbound 1.4.1
NA
CVE-2011-4528
Unbound prior to 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.
Unbound Unbound 1.4.6
Unbound Unbound 1.4.5
Unbound Unbound 1.3.3
Unbound Unbound 1.3.2
Unbound Unbound 1.0.2
Unbound Unbound 1.0.1
Unbound Unbound 1.0.0
Unbound Unbound 0.7
Unbound Unbound 0.6
Unbound Unbound 1.4.12
Unbound Unbound
Unbound Unbound 1.4.10
Unbound Unbound 1.4.9
Unbound Unbound 1.4.2
Unbound Unbound 1.4.1
Unbound Unbound 1.2.1
Unbound Unbound 1.2.0
Unbound Unbound 0.09
Unbound Unbound 0.8
Unbound Unbound 0.3
Unbound Unbound 0.2
Unbound Unbound 1.4.8