Vulnerabilities > ISC > Bind > 9.8.7
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-19 | CVE-2020-8617 | Reachable Assertion vulnerability in multiple products Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. | 5.9 |
2020-05-19 | CVE-2020-8616 | Resource Exhaustion vulnerability in multiple products A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. | 8.6 |
2019-11-05 | CVE-2013-5661 | Authentication Bypass by Spoofing vulnerability in multiple products Cache Poisoning issue exists in DNS Response Rate Limiting. | 2.6 |
2019-01-16 | CVE-2018-5741 | Incorrect Authorization vulnerability in ISC Bind To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. | 4.0 |
2019-01-16 | CVE-2018-5740 | Reachable Assertion vulnerability in multiple products "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. | 5.0 |
2019-01-16 | CVE-2017-3145 | Use After Free vulnerability in multiple products BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free error that can trigger an assertion failure and crash in named. | 7.5 |
2019-01-16 | CVE-2017-3143 | Unspecified vulnerability in ISC Bind An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. | 4.3 |
2019-01-16 | CVE-2017-3142 | Improper Input Validation vulnerability in ISC Bind An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. | 4.3 |
2019-01-16 | CVE-2017-3141 | Unquoted Search Path or Element vulnerability in ISC Bind The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. | 7.2 |
2019-01-16 | CVE-2017-3136 | Reachable Assertion vulnerability in multiple products A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. | 4.3 |