Filtered by vendor Knot-dns
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-11104 | 2 Debian, Knot-dns | 2 Debian Linux, Knot Dns | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the TSIG protocol implementation that would allow an attacker with a valid key name and algorithm to bypass TSIG authentication if no additional ACL restrictions are set, because of an improper TSIG validity period check. | |||||
CVE-2016-6171 | 1 Knot-dns | 1 Knot Dns | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of service (memory exhaustion and slave server crash) via a large zone transfer for (1) DDNS, (2) AXFR, or (3) IXFR. |