
CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 Jun 2020 — An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, although with a lower amplification ratio than versions of Unbound shipped before that erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound. • https://bugzilla.redhat.com/show_bug.cgi?id=1846026 • CWE-400: Uncontrolled Resource Consumption; CWE-406: Insufficient Control of Network Message Volume (Network Amplification)

CVSS: 7.5 • EPSS: 9% • CPEs: 10 • EXPL: 0

19 May 2020 — Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. A network amplification vulnerability was found in Unbound, in the way it processes delegation messages from one a... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.5 • EPSS: 6% • CPEs: 10 • EXPL: 0

19 May 2020 — Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. A flaw was found in unbound in versions prior to 1.10.1. An infinite loop can be created when malformed DNS answers are received from upstream servers. The highest threat from this vulnerability is to system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVSS: 7.3 • EPSS: 1% • CPEs: 4 • EXPL: 1

19 Nov 2019 — Unbound 1.6.4 through 1.9.4 contains a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00067.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 5.9 • EPSS: 1% • CPEs: 5 • EXPL: 0

05 Nov 2019 — A cache poisoning issue exists in DNS Response Rate Limiting. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-5661 • CWE-290: Authentication Bypass by Spoofing

CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 0

03 Oct 2019 — Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. X41 D-Sec discovered that unbound, a valida... • https://github.com/NLnetLabs/unbound/blob/release-1.9.4/doc/Changelog • CWE-755: Improper Handling of Exceptional Conditions; CWE-908: Use of Uninitialized Resource

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Jul 2019 — nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflow in the dname_concatenate() function in dname.c. • https://github.com/NLnetLabs/nsd/issues/20 • CWE-787: Out-of-bounds Write

CVSS: 5.3 • EPSS: 0% • CPEs: 7 • EXPL: 0

23 Jan 2018 — A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. • http://www.securityfocus.com/bid/102817 • CWE-20: Improper Input Validation; CWE-358: Improperly Implemented Security Check for Standard

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Nov 2017 — A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors. Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html • CWE-415: Double Free

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Nov 2017 — A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors. Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html • CWE-415: Double Free