VYPR

Vendor CVEs

Isc

All CVEs

270 total · sorted by risk
  • CVE-2020-8624Aug 21, 2020
    risk 0.00cvss epss 0.04

    In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the…

  • CVE-2020-8622Aug 21, 2020
    risk 0.00cvss epss 0.06

    In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated…

  • CVE-2020-8621Aug 21, 2020
    risk 0.00cvss epss 0.03

    In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not…

  • CVE-2020-8618Jun 17, 2020
    risk 0.00cvss epss 0.02

    An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.

  • CVE-2019-3692Jan 24, 2020
    risk 0.00cvss epss 0.01

    The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE…

  • CVE-2012-2248Nov 27, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.

  • CVE-2019-6477Nov 26, 2019
    risk 0.00cvss epss 0.04

    With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. A client using a TCP-pipelined connection to a server could consume more resources than the server has been…

  • CVE-2019-6470Nov 1, 2019
    risk 0.00cvss epss 0.09

    There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing…

  • CVE-2018-5742Oct 30, 2019
    risk 0.00cvss epss 0.02

    While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the…

  • CVE-2018-5735Oct 30, 2019
    risk 0.00cvss epss 0.01

    The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other…

  • CVE-2019-6476Oct 17, 2019
    risk 0.00cvss epss 0.03

    A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. This affects BIND versions 9.14.0 up to 9.14.6, and 9.15.0 up to 9.15.4.

  • CVE-2019-6475Oct 17, 2019
    risk 0.00cvss epss 0.01

    Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. A mirror zone is similar to a zone of type secondary, except that its data is subject to DNSSEC validation before being used in answers, as if it had been looked up via…

  • CVE-2019-6474Oct 16, 2019
    risk 0.00cvss epss 0.01

    A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. If the number of such leases exceeds a hard-coded…

  • CVE-2019-6473Oct 16, 2019
    risk 0.00cvss epss 0.01

    An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process (kea-dhcp4), causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

  • CVE-2019-6472Oct 16, 2019
    risk 0.00cvss epss 0.01

    A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2.

  • CVE-2019-6471Oct 9, 2019
    risk 0.00cvss epss 0.03

    A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. Versions affected: BIND 9.11.0 -> 9.11.7, 9.12.0 -> 9.12.4-P1, 9.14.0 -> 9.14.2. Also all releases of the BIND 9.13 development branch…

  • CVE-2019-6469Oct 9, 2019
    risk 0.00cvss epss 0.02

    An error in the EDNS Client Subnet (ECS) feature for recursive resolvers can cause BIND to exit with an assertion failure when processing a response that has malformed RRSIGs. Versions affected: BIND 9.10.5-S1 -> 9.11.6-S1 of BIND 9 Supported Preview Edition.

  • CVE-2019-6468Oct 9, 2019
    risk 0.00cvss epss 0.03

    In BIND Supported Preview Edition, an error in the nxdomain-redirect feature can occur in versions which support EDNS Client Subnet (ECS) features. In those versions which have ECS support, enabling nxdomain-redirect is likely to lead to BIND exiting due to assertion failure.…

  • CVE-2019-6465Oct 9, 2019
    risk 0.00cvss epss 0.04

    Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition.…

  • CVE-2018-5745Oct 9, 2019
    risk 0.00cvss epss 0.02

    "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. Due to an error in the managed-keys feature it is possible for a BIND server which uses managed-keys to exit…

  • CVE-2018-5744Oct 9, 2019
    risk 0.00cvss epss 0.03

    A failure to free memory can occur when processing messages having a specific combination of EDNS options. Versions affected are: BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1, and versions 9.10.7-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. Versions…

  • CVE-2018-5743Oct 9, 2019
    risk 0.00cvss epss 0.06

    By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to…

  • CVE-2018-5732Oct 9, 2019
    risk 0.00cvss epss 0.05

    Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section.…

  • CVE-2017-3139Apr 9, 2019
    risk 0.00cvss epss 0.02

    A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.

  • CVE-2016-9778Jan 16, 2019
    risk 0.00cvss epss 0.07

    An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a…

  • CVE-2018-5738Jan 16, 2019
    risk 0.00cvss epss 0.11

    Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended (and documented) behavior is that if an operator has not…

  • CVE-2017-3142Jan 16, 2019
    risk 0.00cvss epss 0.05

    An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys…

  • CVE-2018-5739Jan 16, 2019
    risk 0.00cvss epss 0.02

    An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. In order to support multiple requests simultaneously, Kea 1.4 added a callout handle store but unfortunately the initial…

  • CVE-2018-5741Jan 16, 2019
    risk 0.00cvss epss 0.03

    To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a client, depending on the key used…

  • CVE-2018-5737Jan 16, 2019
    risk 0.00cvss epss 0.10

    A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. Additionally, problematic interaction between the serve-stale feature and NSEC aggressive negative caching can in some…

  • CVE-2018-5734Jan 16, 2019
    risk 0.00cvss epss 0.06

    While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the receiving view has the SERVFAIL cache feature enabled, this can trigger an assertion failure in badcache.c when the request doesn't contain all of…

  • CVE-2015-8461Dec 16, 2015
    risk 0.00cvss epss 0.05

    Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors.

  • CVE-2013-6230Nov 8, 2013
    risk 0.00cvss epss 0.06

    The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask…

  • CVE-2013-3919Jun 6, 2013
    risk 0.00cvss epss 0.05

    resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a…

  • CVE-2013-2494Mar 28, 2013
    risk 0.00cvss epss 0.01

    libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to…

  • CVE-2012-3523Nov 11, 2012
    risk 0.00cvss epss 0.03

    The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext…

  • CVE-2012-3954Jul 25, 2012
    risk 0.00cvss epss 0.04

    Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests.

  • CVE-2012-3868Jul 25, 2012
    risk 0.00cvss epss 0.03

    Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.

  • CVE-2012-3570Jul 25, 2012
    risk 0.00cvss epss 0.03

    Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is enabled, allows remote attackers to cause a denial of service (segmentation fault and daemon exit) via a crafted client identifier parameter.

  • CVE-2011-4868Jan 15, 2012
    risk 0.00cvss epss 0.04

    The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash)…

  • CVE-2011-1907May 9, 2011
    risk 0.00cvss epss 0.05

    ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query.

  • CVE-2010-0218Oct 5, 2010
    risk 0.00cvss epss 0.04

    ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query.

  • CVE-2009-1893Jul 17, 2009
    risk 0.00cvss epss 0.01

    The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the "dhcpd -t" command.

  • CVE-2008-4163Sep 22, 2008
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.

  • CVE-2007-6283Dec 18, 2007
    risk 0.00cvss epss 0.00

    Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

  • CVE-2007-5471Oct 16, 2007
    risk 0.00cvss epss 0.03

    libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE: this issue probably affects…

  • CVE-2007-2925Jul 24, 2007
    risk 0.00cvss epss 0.06

    The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.

  • CVE-2006-3122Aug 9, 2006
    risk 0.00cvss epss 0.04

    The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes…

  • CVE-2003-0914Dec 15, 2003
    risk 0.00cvss epss 0.03

    ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.

  • CVE-2002-2213Dec 31, 2002
    risk 0.00cvss epss 0.02

    The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR)…

Page 5 of 6