45 matches found
CVE-2026-47691 Netty has Insufficient Bailiwick Validation for NS Records
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...
CVE-2026-40622
NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to control a ghost...
EulerOS 2.0 SP11 : unbound (EulerOS-SA-2026-1595)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement...
EulerOS 2.0 SP10 : unbound (EulerOS-SA-2026-1039)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement...
EulerOS 2.0 SP10 : unbound (EulerOS-SA-2026-1060)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : NLnet Labs Unbound up to and including version 1.24.0 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement...
Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : Unbound vulnerability (USN-7855-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7855-1 advisory. Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that Unbound incorrectly handled certain promiscuous NS RRSets. A remot...
EUVD-2012-1220
Malware in sbrugna...
EUVD-2012-1071
Malware in sbrugna...
Fedora 39 : bind / bind-dyndb-ldap (2024-ef8a7031e7)
The remote Fedora 39 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-ef8a7031e7 advisory. Update to BIND 9.18.28 Security Fixes - A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to...
Non-Responsive Delegation Attack' (NRDelegation Attack)
unbound:edge is vulnerable to non-responsive delegation attack. The attacker can cause a resolver to spend a lot of time/resources resolving records under a malicious delegation point where a considerable number of unresponsive NS records reside...
Design/Logic Flaw
A vulnerability in the bailiwick checking function in Technitium DNS Server = v7.0 exists that allows specific malicious users to inject NS records of any domain even TLDs into the cache and conduct a DNS cache poisoning attack...
Unbound before 1.10.1 has Insufficient Control of Network Message Volume aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
...
CVE-2020-12662
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...
Design/Logic Flaw
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...
EUVD-2020-4961
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...
CVE-2020-12662
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...
CVE-2020-12662
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...
CVE-2020-12667
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...
CVE-2020-12667
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...
Code injection
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...