Filtered by vendor Isc
Subscribe
Total
221 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4244 | 1 Isc | 1 Bind | 2023-12-10 | 7.8 HIGH | N/A |
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. | |||||
CVE-2013-4854 | 10 Fedoraproject, Freebsd, Hp and 7 more | 12 Fedora, Freebsd, Hp-ux and 9 more | 2023-12-10 | 7.8 HIGH | N/A |
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013. | |||||
CVE-2012-3817 | 1 Isc | 1 Bind | 2023-12-10 | 7.8 HIGH | N/A |
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries. | |||||
CVE-2012-3868 | 1 Isc | 1 Bind | 2023-12-10 | 4.3 MEDIUM | N/A |
Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries. | |||||
CVE-2011-4539 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2023-12-10 | 5.0 MEDIUM | N/A |
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet. | |||||
CVE-2010-0218 | 1 Isc | 1 Bind | 2023-12-10 | 5.0 MEDIUM | N/A |
ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query. | |||||
CVE-2011-2748 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2023-12-10 | 7.8 HIGH | N/A |
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet. | |||||
CVE-2011-2464 | 1 Isc | 1 Bind | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request. | |||||
CVE-2011-1907 | 1 Isc | 1 Bind | 2023-12-10 | 5.0 MEDIUM | N/A |
ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query. | |||||
CVE-2010-3611 | 1 Isc | 1 Dhcp | 2023-12-10 | 4.3 MEDIUM | N/A |
ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field. | |||||
CVE-2011-0413 | 1 Isc | 1 Dhcp | 2023-12-10 | 7.8 HIGH | N/A |
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address. | |||||
CVE-2010-3615 | 1 Isc | 1 Bind | 2023-12-10 | 5.0 MEDIUM | N/A |
named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism. | |||||
CVE-2010-3762 | 1 Isc | 1 Bind | 2023-12-10 | 4.3 MEDIUM | N/A |
ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not properly handle certain bad signatures if multiple trust anchors exist for a single zone, which allows remote attackers to cause a denial of service (daemon crash) via a DNS query. | |||||
CVE-2010-0382 | 1 Isc | 1 Bind | 2023-12-10 | 7.6 HIGH | N/A |
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. | |||||
CVE-2011-0414 | 1 Isc | 1 Bind | 2023-12-10 | 7.1 HIGH | N/A |
ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update. | |||||
CVE-2010-0213 | 1 Isc | 1 Bind | 2023-12-10 | 2.6 LOW | N/A |
BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers. | |||||
CVE-2011-2465 | 1 Isc | 1 Bind | 2023-12-10 | 2.6 LOW | N/A |
Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query. | |||||
CVE-2011-0997 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2023-12-10 | 7.5 HIGH | N/A |
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script. | |||||
CVE-2010-3616 | 1 Isc | 1 Dhcp | 2023-12-10 | 5.0 MEDIUM | N/A |
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover partnerships, allows remote attackers to cause a denial of service (communications-interrupted state and DHCP client service loss) by connecting to a port that is only intended for a failover peer, as demonstrated by a Nagios check_tcp process check to TCP port 520. | |||||
CVE-2012-1033 | 1 Isc | 1 Bind | 2023-12-10 | 5.0 MEDIUM | N/A |
The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack. |