CVSS: 7.5EPSS: 4%CPEs: 9EXPL: 0CVE-2006-4095
https://notcve.org/view.php?id=CVE-2006-4095
06 Sep 2006 — BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. BIND anterior a 9.2.6-P1 y 9.3.x anterior a 9.3.2-P1 permite a un atacante remoto provocar denegación de servicio (caida) a través de ciertas consultas SIG, lo cual provoca una falta de aserción cuando múltiples RRsets se devuelven. • http://docs.info.apple.com/article.html?artnum=305530 • CWE-617: Reachable Assertion •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 0CVE-2006-0527
https://notcve.org/view.php?id=CVE-2006-0527
02 Feb 2006 — BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack. • http://attrition.org/pipermail/vim/2006-February/000551.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 31EXPL: 0CVE-2002-2211
https://notcve.org/view.php?id=CVE-2002-2211
31 Dec 2002 — BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. • http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html •
CVSS: 7.5EPSS: 2%CPEs: 32EXPL: 0CVE-2002-2212
https://notcve.org/view.php?id=CVE-2002-2212
31 Dec 2002 — The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. • http://www.imconf.net/imw-2002/imw2002-papers/198.pdf •
CVSS: 7.5EPSS: 2%CPEs: 32EXPL: 0CVE-2002-2213
https://notcve.org/view.php?id=CVE-2002-2213
31 Dec 2002 — The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. • http://www.imconf.net/imw-2002/imw2002-papers/198.pdf •
CVSS: 9.8EPSS: 7%CPEs: 24EXPL: 0CVE-2002-1219
https://notcve.org/view.php?id=CVE-2002-1219
29 Nov 2002 — Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). Desbordamiento de búfer en BIND versiones 4 anteriores a 4.9.10, y versiones 8 anteriores a 8.3.3, permite a atacantes remotos ejecutar código arbitrario mediante una cierta respuesta de servidor DNS conteniendo registros de recursos (RR) SIG. • ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P •
CVSS: 9.8EPSS: 26%CPEs: 18EXPL: 0CVE-2002-0029
https://notcve.org/view.php?id=CVE-2002-0029
21 Nov 2002 — Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 through 4.9.10, and other derived libraries such as BSD libc and GNU glibc, allow remote attackers to execute arbitrary code via DNS server responses that trigger the overflow in the (1) getnetbyname, or (2) getnetbyaddr functions, aka "LIBRESOLV: buffer overrun" and a different vulnerability than CVE-2002-0684. Desbordamientos de búfer en la libreria de resolución de raíz DNS en ISC BIND 4.9.2 a 4.9.10, y otras librerías derivadas como BSD... • ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2001-0497
https://notcve.org/view.php?id=CVE-2001-0497
21 Jul 2001 — dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. • http://www.osvdb.org/5609 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 20%CPEs: 15EXPL: 0CVE-2001-0012
https://notcve.org/view.php?id=CVE-2001-0012
12 Feb 2001 — BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables. • http://www.cert.org/advisories/CA-2001-02.html •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-1999-0849
https://notcve.org/view.php?id=CVE-1999-0849
10 Nov 1999 — Denial of service in BIND named via maxdname. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt •