50 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-12662
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an NXNSAttack issue. This is triggered by random subdomains in the NSDNAME in NS...
Linux Distros Unpatched Vulnerability : CVE-2020-12667
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker- controlled server, aka an NXNSAttack issue. This is triggered...
CentOS 6 : unbound (RHSA-2020:2640)
The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2640 advisory. - Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an NXNSAttack issue. This is triggered by random subdomains in the...
K37661551: Unbound DNS Cache vulnerabilities CVE-2020-12662 and CVE-2020-12663
Security Advisory Description CVE-2020-12662 Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. CVE-2020-12663 Unbound before 1.10.1 has an infinite loop via malformed DNS answer...
SUSE CVE-2020-12667
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records...
NewStart CGSL CORE 5.05 / MAIN 5.05 : unbound Multiple Vulnerabilities (NS-SA-2021-0142)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has unbound packages installed that are affected by multiple vulnerabilities: - An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions ...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2021-2172)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2556-1 : unbound1.9 security update
Several security vulnerabilities have been corrected in unbound, a validating, recursive, caching DNS resolver. Support for the unbound DNS server has been resumed, the sources can be found in the unbound1.9 source package. CVE-2020-12662 Unbound has Insufficient Control of Network Message Volume...
[SECURITY] [DLA 2556-1] unbound1.9 security update
Debian LTS Advisory DLA-2556-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany February 12, 2021 https://wiki.debian.org/LTS Package : unbound1.9 Version : 1.9.0-2+deb10u2deb9u1 CVE ID : CVE-2020-12662 CVE-2020-12663 CVE-2020-28935 Debian Bug : 977165 Several...
pfSense 2.4.x < 2.4.5-p1 Multiple Vulnerabilities
According to its self-reported version number, the remote pfSense install is a version 2.4.x prior to 2.4.5-p1. It is, therefore, affected by the following vulnerabilities in its subcomponents: - Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an 'NXNSAttack' issue...
NewStart CGSL CORE 5.04 / MAIN 5.04 : unbound Multiple Vulnerabilities (NS-SA-2020-0079)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has unbound packages installed that are affected by multiple vulnerabilities: - Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an NXNSAttack issue. This is triggered by random subdomains in the...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2020-2403)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP2 : unbound (EulerOS-SA-2020-2403)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2020-2058)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP3 : unbound (EulerOS-SA-2020-2058)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted...
Unbound before 1.10.1 has Insufficient Control of Network Message Volume aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2020-1933)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : unbound (EulerOS-SA-2020-1933)
According to the versions of the unbound packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.CVE-2020-12663 - Unbound before 1.10.1 has...
EulerOS Virtualization for ARM 64 3.0.6.0 : unbound (EulerOS-SA-2020-1905)
According to the versions of the unbound package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.CVE-2020-12663 -...
Security Advisory - Distributed Denial-of-Service Vulnerablility in Some Huawei Products
There is a DDoS vulnerability called "NXNSAttack" in some Huawei products. There is no effective limitation on the number of fetches performed when the DNS recursive server processes references. An attacker can exploit this vulnerability by sending a request for an attacker-controlled domain to a...