Vulnerabilities > ISC > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-09 | CVE-2019-6465 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected: BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2, and versions 9.9.3-S1 -> 9.11.5-S3 of BIND 9 Supported Preview Edition. | 4.3 |
| 2019-10-09 | CVE-2018-5744 | Missing Release of Resource after Effective Lifetime vulnerability in ISC Bind A failure to free memory can occur when processing messages having a specific combination of EDNS options. | 5.0 |
| 2019-10-09 | CVE-2018-5732 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ISC Dhcp Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. | 5.0 |
| 2019-01-16 | CVE-2018-5741 | Incorrect Authorization vulnerability in ISC Bind To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. | 4.0 |
| 2019-01-16 | CVE-2018-5740 | Reachable Assertion vulnerability in multiple products "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. | 5.0 |
| 2019-01-16 | CVE-2018-5739 | Missing Release of Resource after Effective Lifetime vulnerability in ISC KEA 1.4.0 An extension to hooks capabilities which debuted in Kea 1.4.0 introduced a memory leak for operators who are using certain hooks library facilities. | 5.0 |
| 2019-01-16 | CVE-2018-5738 | Information Exposure vulnerability in multiple products Change #4777 (introduced in October 2017) introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. | 5.0 |
| 2019-01-16 | CVE-2018-5737 | Reachable Assertion vulnerability in multiple products A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even when stale-answer-enable is off. | 5.0 |
| 2019-01-16 | CVE-2018-5734 | Reachable Assertion vulnerability in multiple products While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. | 5.0 |
| 2019-01-16 | CVE-2018-5733 | Integer Overflow or Wraparound vulnerability in multiple products A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. | 5.0 |