cbcvebase.

Isc Bind vulnerabilities

195 known vulnerabilities affecting isc/bind.

Total CVEs
195
CISA KEV
0
Public exploits
16
Exploited in wild
4
Severity breakdown
CRITICAL9HIGH100MEDIUM80LOW6

Vulnerabilities

Page 10 of 10
CVE-2009-4022P4LOWCVSS 2.6v9.0v9.0.0+35 more2009-11-25
CVE-2009-4022 [LOW] CVE-2009-4022: Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P4, 9.5 before 9.5.2-P1, 9.6 before 9.6.1-P2, and 9.7 beta before 9.7.0b3, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains an Additional se
nvd
CVE-2002-1221P4MEDIUMCVSS 5.0v8.1v8.1.1+12 more2002-11-29
CVE-2002-1221 [MEDIUM] CVE-2002-1221: BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR eleme BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
nvd
CVE-2003-0914P4MEDIUMCVSS 4.3v8.2.3v8.2.4+12 more2003-12-15
CVE-2003-0914 [MEDIUM] CVE-2003-0914: ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value.
nvd
CVE-2012-3868P4MEDIUMCVSS 4.3v9.9.0v9.9.12012-07-25
CVE-2012-3868 [MEDIUM] CWE-362 CVE-2012-3868: Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries.
nvd
CVE-2000-0335P4HIGHCVSS 7.5v8.2v8.2.1+1 more2000-05-03
CVE-2000-0335 [HIGH] CVE-2000-0335: The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query r The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
nvd
CVE-2001-0012P4MEDIUMCVSS 5.0v4.9.3v4.9.5+5 more2001-02-12
CVE-2001-0012 [MEDIUM] CVE-2001-0012: BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variabl BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
nvd
CVE-1999-0024P4MEDIUMCVSS 5.0v4.9.5v8.11997-08-13
CVE-1999-0024 [MEDIUM] CVE-1999-0024: DNS cache poisoning via BIND, by predictable query IDs. DNS cache poisoning via BIND, by predictable query IDs.
nvd
CVE-2002-2213P4MEDIUMCVSS 5.0v4.9v4.9.2+21 more2002-12-31
CVE-2002-2213 [MEDIUM] CVE-2002-2213: The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries f The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing
nvd
CVE-2002-2212P4MEDIUMCVSS 5.0v4.9v4.9.2+21 more2002-12-31
CVE-2002-2212 [MEDIUM] CVE-2002-2212: The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a r
nvd
CVE-2001-0497P4HIGHCVSS 7.8≤ 8.2.4≥ 9.0, ≤ 9.1.22001-07-21
CVE-2001-0497 [HIGH] CWE-276 CVE-2001-0497: dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permi dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
nvd
CVE-1999-0184P4MEDIUMCVSS 6.4v9.4.01997-07-01
CVE-1999-0184 [MEDIUM] CVE-1999-0184: When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowi When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.
nvd
CVE-2011-2465P4LOWCVSS 2.6v9.8.0v9.8.12011-07-08
CVE-2011-2465 [LOW] CVE-2011-2465: Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is en Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query.
nvd
CVE-2010-0213P4LOWCVSS 2.6v9.7.12010-07-28
CVE-2010-0213 [LOW] CWE-19 CVE-2010-0213: BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured st BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative
nvd
CVE-1999-0011P4MEDIUMCVSS 5.4v4.9v81998-04-08
CVE-1999-0011 [MEDIUM] CWE-1067 CVE-1999-0011: Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
nvd
CVE-1999-0010P4MEDIUMCVSS 5.0v4.9v81998-04-08
CVE-1999-0010 [MEDIUM] CVE-1999-0010: Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
nvd
Isc Bind vulnerabilities | cvebase