Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unbound vulnerabilities and exploits
(subscribe to this query)
7.3
CVSSv3
CVE-2019-18934
Unbound 1.6.4 up to and including 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled a...
Nlnetlabs Unbound
Fedoraproject Fedora 31
Opensuse Leap 15.1
Opensuse Leap 15.2
7.5
CVSSv3
CVE-2019-16866
Unbound prior to 1.9.4 accesses uninitialized memory, which allows remote malicious users to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule.
Nlnetlabs Unbound
Canonical Ubuntu Linux 19.04
5.9
CVSSv3
CVE-2018-11412
In the Linux kernel 4.13 up to and including 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
Linux Linux Kernel
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
1 EDB exploit
8.1
CVSSv3
CVE-2018-1256
Spring Cloud SSO Connector, version 2.1.2, contains a regression which disables issuer validation in resource servers that are not bound to the SSO service. In PCF deployments with multiple SSO service plans, a remote attacker can authenticate to unbound resource servers which us...
Vmware Spring Cloud Sso Connector 2.1.2
5.3
CVSSv3
CVE-2017-15105
A flaw was found in the way unbound prior to 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
Nlnetlabs Unbound
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 17.10
1 Github repository
9.1
CVSSv3
CVE-2015-8776
The strftime function in the GNU C Library (aka glibc or libc6) prior to 2.23 allows context-dependent malicious users to cause a denial of service (application crash) or possibly obtain sensitive information via an out-of-range time value.
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Debuginfo 11
Suse Linux Enterprise Server 11
Suse Linux Enterprise Software Development Kit 12
Suse Suse Linux Enterprise Server 12
Opensuse Opensuse 13.2
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Server 12
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.10
Debian Debian Linux 8.0
Fedoraproject Fedora 23
Gnu Glibc
NA
CVE-2014-8602
iterator.c in NLnet Labs Unbound prior to 1.5.1 does not limit delegation chaining, which allows remote malicious users to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
Nlnetlabs Unbound
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 14.10
Debian Debian Linux 7.0
NA
CVE-2012-1192
The resolver in Unbound prior to 1.4.11 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote malicious users to trigger continued resolvability of revoked domain names via a "ghost domain na...
Unbound Unbound
Unbound Unbound 1.4.9
Unbound Unbound 1.4.8
Unbound Unbound 1.4.7
Unbound Unbound 1.2.0
Unbound Unbound 1.1.1
Unbound Unbound 1.1.0
Unbound Unbound 1.0.2
Unbound Unbound 0.3
Unbound Unbound 0.2
Unbound Unbound 0.1
Unbound Unbound 0.0
Unbound Unbound 1.4.5
Unbound Unbound 1.4.3
Unbound Unbound 1.3.1
Unbound Unbound 1.2.1
Unbound Unbound 1.0.1
Unbound Unbound 0.11
Unbound Unbound 0.6
Unbound Unbound 0.4
Unbound Unbound 1.4.2
Unbound Unbound 1.4.1
NA
CVE-2011-4869
validator/val_nsec3.c in Unbound prior to 1.4.13p2 does not properly perform proof processing for NSEC3-signed zones, which allows remote DNS servers to cause a denial of service (daemon crash) via a malformed response that lacks expected NSEC3 records, a different vulnerability ...
Unbound Unbound 1.4.11
Unbound Unbound 1.4.3
Unbound Unbound 1.4.2
Unbound Unbound 1.3.1
Unbound Unbound 1.3.0
Unbound Unbound 1.0.0
Unbound Unbound 0.11
Unbound Unbound 0.10
Unbound Unbound 0.5
Unbound Unbound 0.4
Unbound Unbound 1.4.10
Unbound Unbound 1.4.9
Unbound Unbound 1.4.8
Unbound Unbound 1.4.1
Unbound Unbound 1.4.0
Unbound Unbound 1.2.1
Unbound Unbound 1.2.0
Unbound Unbound 0.09
Unbound Unbound 0.8
Unbound Unbound 0.3
Unbound Unbound 0.2
Unbound Unbound 1.4.7
NA
CVE-2011-4528
Unbound prior to 1.4.13p2 attempts to free unallocated memory during processing of duplicate CNAME records in a signed zone, which allows remote DNS servers to cause a denial of service (daemon crash) via a crafted response.
Unbound Unbound 1.4.6
Unbound Unbound 1.4.5
Unbound Unbound 1.3.3
Unbound Unbound 1.3.2
Unbound Unbound 1.0.2
Unbound Unbound 1.0.1
Unbound Unbound 1.0.0
Unbound Unbound 0.7
Unbound Unbound 0.6
Unbound Unbound 1.4.12
Unbound Unbound
Unbound Unbound 1.4.10
Unbound Unbound 1.4.9
Unbound Unbound 1.4.2
Unbound Unbound 1.4.1
Unbound Unbound 1.2.1
Unbound Unbound 1.2.0
Unbound Unbound 0.09
Unbound Unbound 0.8
Unbound Unbound 0.3
Unbound Unbound 0.2
Unbound Unbound 1.4.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »