Product:

Dns_server

(Synology)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 5
Date Id Summary Products Score Patch Annotated
2020-08-21 CVE-2020-8621 In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected. Ubuntu_linux, Bind, Steelstore_cloud_integrated_storage, Leap, Dns_server 7.5
2020-08-21 CVE-2020-8622 In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other... Ubuntu_linux, Debian_linux, Fedora, Bind, Steelstore_cloud_integrated_storage, Leap, Communications_diameter_signaling_router, Dns_server 6.5
2020-08-21 CVE-2020-8623 In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: * be running BIND that was built with "--enable-native-pkcs11" * be signing one or more zones with an RSA key * be able to receive queries from a possible attacker Ubuntu_linux, Debian_linux, Fedora, Bind, Steelstore_cloud_integrated_storage, Leap, Dns_server 7.5
2022-07-28 CVE-2022-27615 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors. Dns_server 8.1
2017-08-24 CVE-2017-12074 Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter. Dns_server 6.5