Dns Server
Monthly
Technitium DNS Server performs amplified outbound DNS traffic when processing domains with missing RRSIG records or mismatched DNSKEY records - an attacker who controls any domain can exploit this behavior to force the resolver into generating excessive network queries against third-party infrastructure. All versions prior to 15.0 are affected per the vendor CPE listing (cpe:2.3:a:technitium:dns_server:*:*:*:*:*:*:*:*). The CVSS Changed Scope (S:C) confirms that impact extends beyond the vulnerable server itself, affecting downstream network resources and other systems. No public exploit code has been identified at time of analysis, and this vulnerability is not currently listed in the CISA KEV catalog.
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technitium DNS Server performs amplified outbound DNS traffic when processing domains with missing RRSIG records or mismatched DNSKEY records - an attacker who controls any domain can exploit this behavior to force the resolver into generating excessive network queries against third-party infrastructure. All versions prior to 15.0 are affected per the vendor CPE listing (cpe:2.3:a:technitium:dns_server:*:*:*:*:*:*:*:*). The CVSS Changed Scope (S:C) confirms that impact extends beyond the vulnerable server itself, affecting downstream network resources and other systems. No public exploit code has been identified at time of analysis, and this vulnerability is not currently listed in the CISA KEV catalog.
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of unintended domain name resolution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of unintended domain name resolution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.