CVSS: 7.8EPSS: 89%CPEs: 68EXPL: 0CVE-2013-2266 – bind: libdns regular expressions excessive resource consumption DoS
https://notcve.org/view.php?id=CVE-2013-2266
28 Mar 2013 — libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. libdns en ISC BIND v9.7.x y v9.8.x antes v9.8.4-P2, v9.8.5 antes de v9.8.5b2, v9.9.x antes de v9.9.2-P2, y v9.9.3 antes v9.9.3b2 en plataformas UNIX permite a atacantes remoto... • http://linux.oracle.com/errata/ELSA-2014-1244 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 43EXPL: 0CVE-2012-5689 – bind: denial of service when processing queries and with both DNS64 and RPZ enabled
https://notcve.org/view.php?id=CVE-2012-5689
25 Jan 2013 — ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain configurations involving DNS64 with a Response Policy Zone that lacks an AAAA rewrite rule, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for an AAAA record. ISC BIND v9.8.x hasta 9.8.4-P1 y v9.9.x hasta v9.9.2-P1, en ??ciertas configuraciones que implican DNS64 con una zona de política de respuesta que carece de una regla de reescritura AAAA, permite a atacantes remotos provoc... • http://rhn.redhat.com/errata/RHSA-2013-0550.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 39EXPL: 0CVE-2012-5688 – bind: DoS on servers using DNS64
https://notcve.org/view.php?id=CVE-2012-5688
06 Dec 2012 — ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. ISC BIND v9.8.x antes de v9.8.4-P1 y v9.9.x antes de v9.9.2-P1, cuando DNS64 está activado, permite a atacantes remotos provocar una denegación de servicio (error de aserción y salida del demonio) a través de una consulta manipulada. OS X Mountain Lion v10.8.5 and Security Update 2013-004 is now available and addresses ... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html • CWE-20: Improper Input Validation •
CVSS: 8.1EPSS: 0%CPEs: 17EXPL: 0CVE-2012-3523 – Gentoo Linux Security Advisory 201401-24
https://notcve.org/view.php?id=CVE-2012-3523
11 Nov 2012 — The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. La implementación STARTTLS en nnrpd en INN antes de v2.5.3 no restringe correctamente el búfer de E/S, lo que permite a atacantes man-in-the-middle introducir comandos en s... • http://lists.opensuse.org/opensuse-updates/2012-09/msg00058.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 10%CPEs: 278EXPL: 0CVE-2012-5166 – bind: Specially crafted DNS data can cause a lockup in named
https://notcve.org/view.php?id=CVE-2012-5166
10 Oct 2012 — ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records. ISC BIND v9.x antes de v9.7.6-P4, v9.8.x antes de v9.8.3-P4, v9.9.x antes de v9.9.1-P4, y v9.4-ESV y 9.6-ESV antes de v9.6-ESV-R7-P, permite a atacantes remotos provocar una denegación de servicio a través de combinaciones no especificadas de registros de recursos. Po... • http://aix.software.ibm.com/aix/efixes/security/bind9_advisory5.asc • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 2%CPEs: 31EXPL: 0CVE-2012-3955 – dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash
https://notcve.org/view.php?id=CVE-2012-3955
14 Sep 2012 — ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. ISC DHCP v4.1-4.1.x antes de v4.1-ESV-R7 y v4.2.x antes de v4.2.4-P2 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) en determinadas circunstancias mediante el establecimiento de un 'lease' IPv6 en un entorno donde la ex... • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/088882.html •
CVSS: 9.8EPSS: 33%CPEs: 278EXPL: 0CVE-2012-4244 – bind: specially crafted resource record causes named to exit
https://notcve.org/view.php?id=CVE-2012-4244
14 Sep 2012 — ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record. ISC BIND v9.x antes de v9.7.6-P3, v9.8.x antes de v9.8.3-P3, v9.9.x antes de v9.9.1-P3, y v9.4-ESV y v9.6-ESV antes de v9.6-ESV-R7-P3 permite provocar una denegación de servicio (error de aserción y salida de demonio) a atacantes remotos a través de una co... • http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html •
CVSS: 7.5EPSS: 10%CPEs: 33EXPL: 1CVE-2012-3571 – ISC DHCP 4.x - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-3571
25 Jul 2012 — ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed client identifier. ISC DHCP v4.1.2 a v4.2.4 y v4.1-ESV antes de v4.1-ESV-R6 permite a atacantes remotos causar una denegación de servicio (bucle infinito y excesivo consumo de CPU) a través de un identificador de cliente con formato incorrecto. • https://www.exploit-db.com/exploits/37538 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 3%CPEs: 46EXPL: 0CVE-2012-3954 – dhcp: two memory leaks may result in DoS
https://notcve.org/view.php?id=CVE-2012-3954
25 Jul 2012 — Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests. Múltiples fugas de memoria en ISC DHCP 4.1.x y 4.2.x anterior a 4.2.4-P1 y 4.1-ESV anterior a 4.1-ESV-R6, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) mediante el envío de multitud de peticiones. • http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html • CWE-399: Resource Management Errors CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2012-3868
https://notcve.org/view.php?id=CVE-2012-3868
25 Jul 2012 — Race condition in the ns_client structure management in ISC BIND 9.9.x before 9.9.1-P2 allows remote attackers to cause a denial of service (memory consumption or process exit) via a large volume of TCP queries. Condición de carrera en la estructura de gestión ns_client en ISC BIND v9.9.x anterior a v9.9.1-P2 permite a atacantes remotos causar una denegación de servicio (consumo de memoria o la salida del proceso) a través de un gran volumen de consultas TCP. • http://www.slackware.com/security/viewer.php?l=slackware-security&y=2012&m=slackware-security.536004 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •