Vulnerabilities > ISC
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-19 | CVE-2020-8616 | Resource Exhaustion vulnerability in multiple products A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. | 8.6 |
| 2019-11-26 | CVE-2019-6477 | Resource Exhaustion vulnerability in multiple products With pipelining enabled each incoming query on a TCP connection requires a similar resource allocation to a query received via UDP or via TCP without pipelining enabled. | 7.5 |
| 2019-11-05 | CVE-2013-5661 | Authentication Bypass by Spoofing vulnerability in multiple products Cache Poisoning issue exists in DNS Response Rate Limiting. | 5.9 |
| 2019-11-01 | CVE-2019-6470 | There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. | 7.5 |
| 2019-10-30 | CVE-2018-5742 | Reachable Assertion vulnerability in ISC Bind 9.9.465/9.9.472 While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. | 7.5 |
| 2019-10-17 | CVE-2019-6476 | Reachable Assertion vulnerability in ISC Bind A defect in code added to support QNAME minimization can cause named to exit with an assertion failure if a forwarder returns a referral rather than resolving the query. | 7.5 |
| 2019-10-17 | CVE-2019-6475 | Insufficient Verification of Data Authenticity vulnerability in ISC Bind Mirror zones are a BIND feature allowing recursive servers to pre-cache zone data provided by other servers. | 7.5 |
| 2019-10-16 | CVE-2019-6474 | Missing Release of Resource after Effective Lifetime vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0 A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. | 6.5 |
| 2019-10-16 | CVE-2019-6472 | Reachable Assertion vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0 A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. | 6.5 |
| 2019-10-09 | CVE-2019-6471 | Reachable Assertion vulnerability in multiple products A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. | 5.9 |