Alibaba Cloud Linux 3 : 0083: unbound (ALINUX3-SA-2021:0083)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0083 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-12662: Unbound before 1.10.1 has...

K37661551: Unbound DNS Cache vulnerabilities CVE-2020-12662 and CVE-2020-12663

Security Advisory Description CVE-2020-12662 Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. CVE-2020-12663 Unbound before 1.10.1 has an infinite loop via malformed DNS answer...

SUSE CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

CVE-2014-125036

A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local...

Design/Logic Flaw

A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local...

CVE-2014-125036

CVE-2014-125036 affects drybjed ansible-ntp; the issue concerns the file meta/main.yml where manipulation leads to insufficient control of network message volume. Impact is described as local-network–only with low complexity; exploitability details are not provided in the sources. A patch is avai...

EulerOS Virtualization 3.0.2.2 : unbound (EulerOS-SA-2021-2172)

According to the versions of the unbound package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs NSD, up to and including version 4.3.3, contain a local...

Debian DLA-2556-1 : unbound1.9 security update

Several security vulnerabilities have been corrected in unbound, a validating, recursive, caching DNS resolver. Support for the unbound DNS server has been resumed, the sources can be found in the unbound1.9 source package. CVE-2020-12662 Unbound has Insufficient Control of Network Message Volume...

pfSense 2.4.x < 2.4.5-p1 Multiple Vulnerabilities

According to its self-reported version number, the remote pfSense install is a version 2.4.x prior to 2.4.5-p1. It is, therefore, affected by the following vulnerabilities in its subcomponents: - Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an 'NXNSAttack' issue...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2020-2454)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP5 : unbound (EulerOS-SA-2020-1933)

According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.CVE-2020-12663 - Unbound before 1.10.1 has...

EulerOS Virtualization for ARM 64 3.0.6.0 : unbound (EulerOS-SA-2020-1905)

According to the versions of the unbound package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.CVE-2020-12663 -...

FortiAnalyzer could potentially be used in NTP amplification attacks

An insufficient control of network message volume CWE-406 vulnerability in FortiAnalyzer may allow an unauthenticated remote attacker to perform NTP amplification attacks thereby causing reflected denial of service on arbitrary targets via sending specially crafted mode 6 queries to the...

Denial Of Service (DoS)

unbound is vulnerable to Denial of Service DoS. The attack exists because of an Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

ALPINE-CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

DEBIAN-CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

CVE-2020-12662

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

AZL-6929 CVE-2020-12662 affecting package unbound for versions less than 1.10.0-5

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...

Design/Logic Flaw

Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...