National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): DNS
  • Search Type: Search Last 3 Months
  • Contains Software Flaws (CVE)
There are 48 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-13176

An issue was discovered in the 3CX Phone system (web) management console 12.5.44178.1002 through 12.5 SP2. The Content.MainForm.wgx component is affected by XXE via a crafted XML document in POST data. There is potential to use this for SSRF (reading local files, outbound HTTP, and outbound DNS).

Published: August 08, 2019; 10:15:11 AM -04:00
(not available)
CVE-2017-18398

DnsUtils in cPanel before 68.0.15 allows zone creation for hostname and account subdomains (SEC-331).

Published: August 02, 2019; 10:15:12 AM -04:00
V3: 3.8 LOW
V2: 5.5 MEDIUM
CVE-2017-18382

cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).

Published: August 02, 2019; 09:15:11 AM -04:00
V3: 2.7 LOW
V2: 4.0 MEDIUM
CVE-2019-14513

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.

Published: August 01, 2019; 05:15:12 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2016-10826

cPanel before 55.9999.141 allows attackers to bypass Two Factor Authentication via DNS clustering requests (SEC-93).

Published: August 01, 2019; 03:15:14 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2016-10818

cPanel before 57.9999.54 incorrectly sets log-file permissions in dnsadmin-startup and spamd-startup (SEC-124).

Published: August 01, 2019; 03:15:13 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2016-10824

cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90).

Published: August 01, 2019; 01:15:11 PM -04:00
V3: 9.8 CRITICAL
V2: 9.3 HIGH
CVE-2018-20935

cPanel before 70.0.23 allows stored XSS in via a WHM "Reset a DNS Zone" action (SEC-412).

Published: August 01, 2019; 12:15:14 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-20933

cPanel before 70.0.23 has Stored XSS via an WHM Edit DNS Zone action (SEC-410).

Published: August 01, 2019; 12:15:14 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-20923

cPanel before 70.0.23 allows stored XSS via a WHM Synchronize DNS Records action (SEC-377).

Published: August 01, 2019; 11:15:14 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-20922

cPanel before 70.0.23 allows stored XSS via a WHM DNS Cleanup action (SEC-376).

Published: August 01, 2019; 11:15:14 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-20921

cPanel before 70.0.23 allows stored XSS via a WHM "Delete a DNS Zone" action (SEC-375).

Published: August 01, 2019; 11:15:14 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-20920

cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-374).

Published: August 01, 2019; 11:15:14 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-20918

cPanel before 70.0.23 allows stored XSS in WHM DNS Cluster (SEC-372).

Published: August 01, 2019; 11:15:14 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-20915

cPanel before 70.0.23 allows stored XSS via a WHM Edit DNS Zone action (SEC-369).

Published: August 01, 2019; 11:15:14 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2016-10858

cPanel before 11.54.0.0 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-64).

Published: August 01, 2019; 11:15:12 AM -04:00
V3: 9.8 CRITICAL
V2: 9.3 HIGH
CVE-2018-20872

DrayTek routers before 2018-05-23 allow CSRF attacks to change DNS or DHCP settings, a related issue to CVE-2017-11649.

Published: July 31, 2019; 02:15:10 PM -04:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-10163

A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.

Published: July 30, 2019; 07:15:12 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2019-10162

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.

Published: July 30, 2019; 07:15:12 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2019-14412

Maketext in cPanel before 78.0.2 allows format-string injection in the DCV check_domains_via_dns UAPI (SEC-474).

Published: July 30, 2019; 11:15:12 AM -04:00
V3: 3.3 LOW
V2: 2.1 LOW