VYPR
Vendor

Cz Nic

Products
5
CVEs
15
Across products
16
Status
Private

Products

5

Recent CVEs

15
  • CVE-2023-26249HigFeb 21, 2023
    risk 0.49cvss 7.5epss 0.01

    Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without…

  • CVE-2022-40188HigSep 23, 2022
    risk 0.49cvss 7.5epss 0.02

    Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets.

  • CVE-2021-40083HigAug 25, 2021
    risk 0.49cvss 7.5epss 0.01

    Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many iterations used for a positive wildcard proof).

  • CVE-2018-1110HigMar 30, 2021
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.

  • CVE-2020-12667HigMay 19, 2020
    risk 0.49cvss 7.5epss 0.03

    Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.

  • CVE-2019-16159HigSep 9, 2019
    risk 0.49cvss 7.5epss 0.03

    BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message.…

  • CVE-2019-10191HigJul 16, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade DNSSEC-secure domains to DNSSEC-insecure state, opening possibility of domain hijack using attacks against insecure DNS protocol.

  • CVE-2019-10190HigJul 16, 2019
    risk 0.49cvss 7.5epss 0.02

    A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers to bypass DNSSEC validation for non-existence answer. NXDOMAIN answer would get passed through to the client even if its DNSSEC validation…

  • CVE-2014-0486HigMar 27, 2018
    risk 0.49cvss 7.5epss 0.03

    Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.

  • CVE-2021-26928MedJun 4, 2021
    risk 0.44cvss 6.8epss 0.01

    BIRD through 2.0.7 does not provide functionality for password authentication of BGP peers. Because of this, products that use BIRD (which may, for example, include Tigera products in some configurations, as well as products of other vendors) may have been susceptible to route…

  • CVE-2018-10920MedAug 2, 2018
    risk 0.44cvss 6.8epss 0.03

    Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.

  • CVE-2026-49943MedJun 2, 2026
    risk 0.41cvss 6.3epss 0.00

    CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-size stack array of 2048 + 1 pm_pos entries, while parse_path() expands AS_PATH…

  • CVE-2018-12066MedJun 8, 2018
    risk 0.36cvss 5.5epss 0.00

    BIRD Internet Routing Daemon before 1.6.4 allows local users to cause a denial of service (stack consumption and daemon crash) via BGP mask expressions in birdc.

  • CVE-2018-1000002LowJan 22, 2018
    risk 0.24cvss 3.7epss 0.01

    Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.

  • CVE-2022-32983MedJun 20, 2022
    risk 0.00cvss 5.3epss 0.01

    Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.