VYPR

rpm package

suse/unbound&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2

pkg:rpm/suse/unbound&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Vulnerabilities (18)

  • CVE-2023-50868HigFeb 14, 2024
    affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1

    The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a denial of service (CPU consumption for SHA-1 computations) via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 51

  • CVE-2023-50387HigFeb 14, 2024
    affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1

    Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with man

  • CVE-2022-3204HigSep 26, 2022
    affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1

    A vulnerability named 'Non-Responsive Delegation Attack' (NRDelegation Attack) has been discovered in various DNS resolving software. The NRDelegation Attack works by having a malicious delegation with a considerable number of non responsive nameservers. The attack starts by quer

  • CVE-2022-30699MedAug 1, 2022
    affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1

    NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire

  • CVE-2022-30698MedAug 1, 2022
    affected < 1.20.0-150100.10.13.1fixed 1.20.0-150100.10.13.1

    NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation in

  • CVE-2019-25042CriApr 27, 2021
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

  • CVE-2019-25041HigApr 27, 2021
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

  • CVE-2019-25040HigApr 27, 2021
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

  • CVE-2019-25039CriApr 27, 2021
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

  • CVE-2019-25038CriApr 27, 2021
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

  • CVE-2019-25037HigApr 27, 2021
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

  • CVE-2019-25036HigApr 27, 2021
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

  • CVE-2019-25035CriApr 27, 2021
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

  • CVE-2019-25034CriApr 27, 2021
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploit

  • CVE-2019-25033CriApr 27, 2021
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

  • CVE-2019-25032CriApr 27, 2021
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited

  • CVE-2019-25031MedApr 27, 2021
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a vulnerability of the Unbound software. create_unbound_ad_servers.sh is a cont

  • CVE-2020-28935MedDec 7, 2020
    affected < 1.6.8-10.6.1fixed 1.6.8-10.6.1

    NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local vulnerability that would allow for a local symlink attack. When writing the PID file, Unbound and NSD create the file if it is not there, or open an exis