Page 11 of 56 results (0.016 seconds)

CVSS: 2.6EPSS: 17%CPEs: 4EXPL: 0

CVE-2011-2465

https://notcve.org/view.php?id=CVE-2011-2465

Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and 9.8.1b1, when recursion is enabled and the Response Policy Zone (RPZ) contains DNAME or certain CNAME records, allows remote attackers to cause a denial of service (named daemon crash) via an unspecified query. Vulnerabilidad no especificada en ISC BIND 9 v9.8.0, v9.8.0-P1, v9.8.0-P2, y v9.8.1b1, cuando la reclusión está habilitada y la Response Policy Zone (RPZ) contiene DNAME o algun registro CNAME, permite a atacantes remotos causar una denegación de servicio (caída del demonio) a través de una consulta no especificada • http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html http://osvdb.org/73604 http://secunia.com/advisories/45185 http://www.isc.org/software/bind/advisories/cve-2011-2465 http://www.kb.cert.org/vuls/id/137968 http://www.securityfocus.com/archive/1/518750/100/0/threaded http://www.securityfocus.com/bid/48565 http://www.securitytracker.com/id?1025743 https://exchange.xforce.ib •

CVSS: 5.0EPSS: 5%CPEs: 41EXPL: 0

CVE-2011-2464 – bind: Specially constructed packet will cause named to exit

https://notcve.org/view.php?id=CVE-2011-2464

Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, 9.7.x before 9.7.3-P3, and 9.8.x before 9.8.0-P4 allows remote attackers to cause a denial of service (named daemon crash) via a crafted UPDATE request. Vulnerabilidad no especificada en ISC BIND 9 v9.6.x antesw de v9.6-ESV-R4-P3, v9.7.x antes de v9.7.3-P3, y v9.8.x antes de v9.8.0-P4, permite a usuarios remotos provocar una denegación de servicio a través de una petición UPDATE manipulada. • http://blogs.oracle.com/sunsecurity/entry/cve_2011_2464_remote_denial http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062522.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062846.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00004.html http://lists.opensuse.org/opensuse-security-announce/20 •

CVSS: 5.0EPSS: 94%CPEs: 238EXPL: 0

CVE-2011-1910 – bind: Large RRSIG RRsets and Negative Caching can crash named

https://notcve.org/view.php?id=CVE-2011-1910

Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets. Error de superación de límite (off-by-one) en named de ISC BIND 9.x anteriores a 9.7.3-P1, 9.8.x anteriores a 9.8.0-P2, 9.4-ESV anteriores a 9.4-ESV-R4-P1, y 9.6-ESV anteriores a 9.6-ESV-R4-P1 permite a servidores remotos DNS provocar una denegación de servicio (fallo de aserción y finalización del demonio) a través de una respuesta negativa que contenga RRSIG RRsets de gran tamaño. • http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061082.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061401.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061405.html http://marc.info/?l=bugtraq&m=142180687100892&w=2 http://osvdb.org/72540 http://secunia.com/advisories/44677 http://secunia.com/advisories/44719 http://secunia.com/advisories/447 • CWE-189: Numeric Errors •

CVSS: 5.0EPSS: 90%CPEs: 1EXPL: 0

CVE-2011-1907

https://notcve.org/view.php?id=CVE-2011-1907

ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset replacement is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an RRSIG query. ISC BIND v9.8.x anterior a v9.8.0-P1, cuando el reemplazo Response Policy Zones (RPZ) RRset es habilitado, permite a atacantes remotos provocar una denegación de servicio (error de aserción y salida del demonio) a través de un consulta RRSIG. • http://secunia.com/advisories/44416 http://www.securityfocus.com/archive/1/517900/100/0/threaded http://www.securityfocus.com/bid/47734 http://www.securitytracker.com/id?1025503 http://www.vupen.com/english/advisories/2011/1183 https://exchange.xforce.ibmcloud.com/vulnerabilities/67297 https://www.isc.org/CVE-2011-1907 • CWE-399: Resource Management Errors •

CVSS: 7.6EPSS: 4%CPEs: 168EXPL: 0

CVE-2010-0382 – bind: out-of-bailiwick data vulnerability due to regression while fixing CVE-2009-4022

https://notcve.org/view.php?id=CVE-2010-0382

ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. ISC BIND 9.0.x a 9.3.x, 9.4 en versiones anteriores a la 9.4.3-P5, 9.5 en versiones anteriores a la 9.5.2-P2, 9.6 en versiones anteriores a la 9.6.1-P3, y 9.7.0 beta maneja de manera inapropiada los datos de acompañamiento de una respuesta segura sin volver a consultar a la fuente original, lo que permite a atacantes remotos tener un impacto no especificado mediante una respuesta manipulada, también conocido como Bug 20819. NOTA: esta vulnerabilidad existe debido a una regresión durante la solución de CVE-2009-4022. • http://secunia.com/advisories/40086 http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0018 http://www.debian.org/security/2010/dsa-2054 http://www.vupen.com/english/advisories/2010/0622 http://www.vupen.com/english/advisories/2010/1352 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11753 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6665 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval •