Vulnerabilities > ISC > Bind

DATE CVE VULNERABILITY TITLE RISK
2019-10-09 CVE-2019-6465 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition.
network
low complexity
isc redhat CWE-732
5.3
2019-10-09 CVE-2018-5745 Use of a Broken or Risky Cryptographic Algorithm vulnerability in ISC Bind
"managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation.
network
low complexity
isc CWE-327
4.9
2019-10-09 CVE-2018-5744 Missing Release of Resource after Effective Lifetime vulnerability in ISC Bind
A failure to free memory can occur when processing messages having a specific combination of EDNS options.
network
low complexity
isc CWE-772
7.5
2019-10-09 CVE-2018-5743 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
By design, BIND is intended to limit the number of TCP clients that can be connected at any given time.
network
low complexity
f5 isc CWE-770
7.5
2019-01-16 CVE-2018-5741 Incorrect Authorization vulnerability in ISC Bind
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy.
network
low complexity
isc CWE-863
6.5
2019-01-16 CVE-2018-5740 Reachable Assertion vulnerability in multiple products
"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers.
network
low complexity
isc redhat debian netapp canonical hp opensuse CWE-617
7.5
2019-01-16 CVE-2018-5738 Information Exposure vulnerability in multiple products
Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver.
network
low complexity
isc canonical CWE-200
7.5
2019-01-16 CVE-2018-5737 Reachable Assertion vulnerability in multiple products
A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off.
network
low complexity
isc netapp CWE-617
7.5
2019-01-16 CVE-2018-5736 Reachable Assertion vulnerability in multiple products
An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession.
network
high complexity
isc netapp CWE-617
5.3
2019-01-16 CVE-2018-5734 Reachable Assertion vulnerability in multiple products
While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode.
network
low complexity
isc netapp CWE-617
7.5