VYPR

Vendor CVEs

Isc

All CVEs

270 total · sorted by risk
  • CVE-2026-3592MedMay 20, 2026
    risk 0.34cvss 5.3epss 0.00

    BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through…

  • CVE-2025-32803MedMay 28, 2025
    risk 0.26cvss 4.0epss 0.00

    In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.

  • CVE-2020-8617May 19, 2020
    risk 0.10cvss epss 0.93

    Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers…

  • CVE-2015-5477Jul 29, 2015
    risk 0.10cvss epss 0.91

    named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.

  • CVE-2010-2156Jun 7, 2010
    risk 0.09cvss epss 0.76

    ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.

  • CVE-2007-5365Oct 11, 2007
    risk 0.09cvss epss 0.80

    Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request…

  • CVE-2006-0987Mar 3, 2006
    risk 0.08cvss epss 0.57

    The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification)…

  • CVE-2011-0997Apr 8, 2011
    risk 0.07cvss epss 0.84

    dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is…

  • CVE-2001-0010Feb 12, 2001
    risk 0.06cvss epss 0.32

    Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.

  • CVE-2018-5740Jan 16, 2019
    risk 0.05cvss epss 0.59

    "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the…

  • CVE-2014-8500Dec 11, 2014
    risk 0.05cvss epss 0.66

    ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.

  • CVE-2009-0692Jul 14, 2009
    risk 0.05cvss epss 0.26

    Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.

  • CVE-2002-0702Jul 26, 2002
    risk 0.05cvss epss 0.31

    Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.

  • CVE-2000-0887Dec 19, 2000
    risk 0.05cvss epss 0.23

    named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."

  • CVE-2017-3136Jan 16, 2019
    risk 0.04cvss epss 0.11

    A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other…

  • CVE-2017-3135Jan 16, 2019
    risk 0.04cvss epss 0.17

    Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 ->…

  • CVE-2015-8000Dec 16, 2015
    risk 0.04cvss epss 0.55

    db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute.

  • CVE-2012-3571Jul 25, 2012
    risk 0.04cvss epss 0.13

    ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier.

  • CVE-2009-0696Jul 29, 2009
    risk 0.04cvss epss 0.13

    The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the…

  • CVE-2007-2930Sep 12, 2007
    risk 0.04cvss epss 0.08

    The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS…

  • CVE-2007-2926Jul 24, 2007
    risk 0.04cvss epss 0.13

    ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache…

  • CVE-2004-0460Aug 6, 2004
    risk 0.04cvss epss 0.45

    Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3)…

  • CVE-2002-1220Nov 29, 2002
    risk 0.04cvss epss 0.10

    BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

  • CVE-2000-1029Dec 11, 2000
    risk 0.04cvss epss 0.14

    Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query.

  • CVE-1999-0848Nov 10, 1999
    risk 0.04cvss epss 0.06

    Denial of service in BIND named via consuming more than "fdmax" file descriptors.

  • CVE-1999-0009Apr 8, 1998
    risk 0.04cvss epss 0.29

    Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

  • CVE-2023-50387Feb 14, 2024
    risk 0.03cvss epss 1.00

    Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with…

  • CVE-2018-5736Jan 16, 2019
    risk 0.03cvss epss 0.18

    An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. This defect could be deliberately exercised by an attacker who is permitted to…

  • CVE-2017-3141Jan 16, 2019
    risk 0.03cvss epss 0.01

    The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1,…

  • CVE-2017-3138Jan 16, 2019
    risk 0.03cvss epss 0.05

    named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which…

  • CVE-2017-3140Jan 16, 2019
    risk 0.03cvss epss 0.12

    If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0->9.11.1, 9.9.10-S1, 9.10.5-S1.

  • CVE-2015-5722Sep 5, 2015
    risk 0.03cvss epss 0.34

    buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.

  • CVE-2015-4620Jul 8, 2015
    risk 0.03cvss epss 0.38

    name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted…

  • CVE-2014-0591Jan 14, 2014
    risk 0.03cvss epss 0.32

    The query_findclosestnsec3 function in query.c in named in ISC BIND 9.6, 9.7, and 9.8 before 9.8.6-P2 and 9.9 before 9.9.4-P2, and 9.6-ESV before 9.6-ESV-R10-P2, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a crafted DNS…

  • CVE-2013-4854Jul 29, 2013
    risk 0.03cvss epss 0.34

    The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon…

  • CVE-2013-2266Mar 28, 2013
    risk 0.03cvss epss 0.43

    libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a…

  • CVE-2012-5166Oct 10, 2012
    risk 0.03cvss epss 0.34

    ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.

  • CVE-2012-4244Sep 14, 2012
    risk 0.03cvss epss 0.37

    ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.

  • CVE-2011-2749Aug 15, 2011
    risk 0.03cvss epss 0.39

    The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.

  • CVE-2011-2748Aug 15, 2011
    risk 0.03cvss epss 0.39

    The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.

  • CVE-2011-0413Jan 31, 2011
    risk 0.03cvss epss 0.33

    The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned…

  • CVE-2007-0494Jan 25, 2007
    risk 0.03cvss epss 0.43

    ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets,…

  • CVE-2002-0525Aug 12, 2002
    risk 0.03cvss epss 0.04

    Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NTTP responses.

  • CVE-2001-1442Apr 21, 2001
    risk 0.03cvss epss 0.02

    Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.

  • CVE-2000-0472Feb 6, 2000
    risk 0.03cvss epss 0.04

    Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.

  • CVE-1999-0705Sep 1, 1999
    risk 0.03cvss epss 0.05

    Buffer overflow in INN inews program.

  • CVE-1999-1499Apr 10, 1998
    risk 0.03cvss epss 0.01

    named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used.

  • CVE-2021-25216Apr 29, 2021
    risk 0.02cvss epss 0.83

    In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running…

  • CVE-2020-8625Feb 17, 2021
    risk 0.02cvss epss 0.64

    BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid…

  • CVE-2017-3143Jan 16, 2019
    risk 0.02cvss epss 0.18

    An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0->9.8.8,…

Page 2 of 6