Vulnerabilities > ISC > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-16 | CVE-2019-6474 | Missing Release of Resource after Effective Lifetime vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0 A missing check on incoming client requests can be exploited to cause a situation where the Kea server's lease storage contains leases which are rejected as invalid when the server tries to load leases from storage on restart. | 6.5 |
| 2019-10-16 | CVE-2019-6472 | Reachable Assertion vulnerability in ISC KEA 1.4.0/1.5.0/1.6.0 A packet containing a malformed DUID can cause the Kea DHCPv6 server process (kea-dhcp6) to exit due to an assertion failure. | 6.5 |
| 2019-10-09 | CVE-2019-6471 | Reachable Assertion vulnerability in multiple products A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in dispatch.c. | 5.9 |
| 2019-10-09 | CVE-2019-6465 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. | 5.3 |
| 2019-10-09 | CVE-2018-5745 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in ISC Bind "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure for use in DNSSEC validation. | 4.9 |
| 2019-01-16 | CVE-2018-5741 | Incorrect Authorization vulnerability in ISC Bind To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. | 6.5 |
| 2019-01-16 | CVE-2018-5736 | Reachable Assertion vulnerability in multiple products An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of BIND attempts several transfers of a slave zone in quick succession. | 5.3 |
| 2019-01-16 | CVE-2017-3143 | An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. | 5.9 |
| 2019-01-16 | CVE-2017-3140 | Resource Exhaustion vulnerability in multiple products If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. | 5.9 |
| 2019-01-16 | CVE-2017-3138 | Reachable Assertion vulnerability in multiple products named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. | 5.3 |