Vulnerabilities > ISC > Bind > 9.10.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-12-11 | CVE-2014-8680 | Improper Input Validation vulnerability in ISC Bind 9.10.0/9.10.1 The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options. | 5.4 |
2014-12-11 | CVE-2014-8500 | Resource Management Errors vulnerability in ISC Bind ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals. | 7.8 |
2014-06-13 | CVE-2014-3859 | Improper Input Validation vulnerability in ISC Bind 9.10.0 libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv. | 5.0 |
2014-05-09 | CVE-2014-3214 | Improper Input Validation vulnerability in ISC Bind 9.10.0 The prefetch implementation in named in ISC BIND 9.10.0, when a recursive nameserver is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a DNS query that triggers a response with unspecified attributes. | 5.0 |
2010-01-22 | CVE-2010-0382 | Unspecified vulnerability in ISC Bind ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. | 7.6 |