Cz Nic
Products
5- 10 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-26249 | Hig | 0.49 | 7.5 | 0.01 | Feb 21, 2023 | Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without… | ||
| CVE-2022-40188 | Hig | 0.49 | 7.5 | 0.02 | Sep 23, 2022 | Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. | ||
| CVE-2021-40083 | Hig | 0.49 | 7.5 | 0.01 | Aug 25, 2021 | Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof). | ||
| CVE-2018-1110 | Hig | 0.49 | 7.5 | 0.01 | Mar 30, 2021 | A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service. | ||
| CVE-2020-12667 | Hig | 0.49 | 7.5 | 0.03 | May 19, 2020 | Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. | ||
| CVE-2019-16159 | Hig | 0.49 | 7.5 | 0.03 | Sep 9, 2019 | BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message.… | ||
| CVE-2019-10191 | Hig | 0.49 | 7.5 | 0.02 | Jul 16, 2019 | A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol. | ||
| CVE-2019-10190 | Hig | 0.49 | 7.5 | 0.02 | Jul 16, 2019 | A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation… | ||
| CVE-2014-0486 | Hig | 0.49 | 7.5 | 0.03 | Mar 27, 2018 | Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message. | ||
| CVE-2021-26928 | Med | 0.44 | 6.8 | 0.01 | Jun 4, 2021 | BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route… | ||
| CVE-2018-10920 | Med | 0.44 | 6.8 | 0.03 | Aug 2, 2018 | Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache. | ||
| CVE-2026-49943 | Med | 0.41 | 6.3 | 0.00 | Jun 2, 2026 | CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-size stack array of 2048 + 1 pm_pos entries, while parse_path() expands AS_PATH… | ||
| CVE-2018-12066 | Med | 0.36 | 5.5 | 0.00 | Jun 8, 2018 | BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc. | ||
| CVE-2018-1000002 | Low | 0.24 | 3.7 | 0.01 | Jan 22, 2018 | Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. | ||
| CVE-2022-32983 | Med | 0.00 | 5.3 | 0.01 | Jun 20, 2022 | Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. |
- risk 0.49cvss 7.5epss 0.01
Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without…
- risk 0.49cvss 7.5epss 0.02
Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.
- risk 0.49cvss 7.5epss 0.01
Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).
- risk 0.49cvss 7.5epss 0.01
A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.
- risk 0.49cvss 7.5epss 0.03
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
- risk 0.49cvss 7.5epss 0.03
BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message.…
- risk 0.49cvss 7.5epss 0.02
A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.
- risk 0.49cvss 7.5epss 0.02
A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation…
- risk 0.49cvss 7.5epss 0.03
Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.
- risk 0.44cvss 6.8epss 0.01
BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route…
- risk 0.44cvss 6.8epss 0.03
Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
- risk 0.41cvss 6.3epss 0.00
CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-size stack array of 2048 + 1 pm_pos entries, while parse_path() expands AS_PATH…
- risk 0.36cvss 5.5epss 0.00
BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc.
- risk 0.24cvss 3.7epss 0.01
Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
- risk 0.00cvss 5.3epss 0.01
Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.