Every CVE whose affected-product data names Nic Knot Resolver, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2023-50387 — CVSS 7.5 (high): Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of…
CVE-2021-40083 — CVSS 7.5 (high): Knot Resolver before 5.3.2 is prone to an assertion failure, triggerable by a remote attacker in an edge case (NSEC3 with too many…
CVE-2022-40188 — CVSS 7.5 (high): Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During…
CVE-2023-26249 — CVSS 7.5 (high): Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of…
CVE-2023-46317 — CVSS 7.5 (high): Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.
CVE-2018-1110 — CVSS 7.5 (high): A flaw was found in knot-resolver before version 2.3.0. Malformed DNS messages may cause denial of service.
CVE-2019-10190 — CVSS 7.5 (high): A vulnerability was discovered in DNS resolver component of knot resolver through version 3.2.0 before 4.1.0 which allows remote attackers…
CVE-2019-10191 — CVSS 7.5 (high): A vulnerability was discovered in DNS resolver of knot resolver before version 4.1.0 which allows remote attackers to downgrade…
CVE-2019-19331 — CVSS 7.5 (high): knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource…
CVE-2020-12667 — CVSS 7.5 (high): Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack"…
CVE-2018-10920 — CVSS 6.8 (medium): Improper input validation bug in DNS resolver component of Knot Resolver before 2.4.1 allows remote attacker to poison cache.
CVE-2022-32983 — CVSS 5.3 (medium): Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters.
CVE-2018-1000002 — CVSS 3.7 (low): Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle…