CVSS: 7.5EPSS: 4%CPEs: 9EXPL: 0CVE-2006-4095
https://notcve.org/view.php?id=CVE-2006-4095
06 Sep 2006 — BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. BIND anterior a 9.2.6-P1 y 9.3.x anterior a 9.3.2-P1 permite a un atacante remoto provocar denegación de servicio (caida) a través de ciertas consultas SIG, lo cual provoca una falta de aserción cuando múltiples RRsets se devuelven. • http://docs.info.apple.com/article.html?artnum=305530 • CWE-617: Reachable Assertion •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 0CVE-2006-0527
https://notcve.org/view.php?id=CVE-2006-0527
02 Feb 2006 — BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack. • http://attrition.org/pipermail/vim/2006-February/000551.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 31EXPL: 0CVE-2002-2211
https://notcve.org/view.php?id=CVE-2002-2211
31 Dec 2002 — BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. • http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html •
CVSS: 7.5EPSS: 2%CPEs: 32EXPL: 0CVE-2002-2212
https://notcve.org/view.php?id=CVE-2002-2212
31 Dec 2002 — The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. • http://www.imconf.net/imw-2002/imw2002-papers/198.pdf •
CVSS: 7.5EPSS: 2%CPEs: 32EXPL: 0CVE-2002-2213
https://notcve.org/view.php?id=CVE-2002-2213
31 Dec 2002 — The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. • http://www.imconf.net/imw-2002/imw2002-papers/198.pdf •
CVSS: 9.8EPSS: 7%CPEs: 24EXPL: 0CVE-2002-1219
https://notcve.org/view.php?id=CVE-2002-1219
29 Nov 2002 — Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR). Desbordamiento de búfer en BIND versiones 4 anteriores a 4.9.10, y versiones 8 anteriores a 8.3.3, permite a atacantes remotos ejecutar código arbitrario mediante una cierta respuesta de servidor DNS conteniendo registros de recursos (RR) SIG. • ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2001-0497
https://notcve.org/view.php?id=CVE-2001-0497
21 Jul 2001 — dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. • http://www.osvdb.org/5609 • CWE-276: Incorrect Default Permissions •
CVSS: 7.5EPSS: 20%CPEs: 15EXPL: 0CVE-2001-0012
https://notcve.org/view.php?id=CVE-2001-0012
12 Feb 2001 — BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables. • http://www.cert.org/advisories/CA-2001-02.html •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-1999-0849
https://notcve.org/view.php?id=CVE-1999-0849
10 Nov 1999 — Denial of service in BIND named via maxdname. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 3CVE-1999-1499 – ISC BIND 4.9.7 -T1B - named SIGINT / SIGIOT Symlink
https://notcve.org/view.php?id=CVE-1999-1499
10 Apr 1998 — named in ISC BIND 4.9 and 8.1 allows local users to destroy files via a symlink attack on (1) named_dump.db when root kills the process with a SIGINT, or (2) named.stats when SIGIOT is used. • https://www.exploit-db.com/exploits/19072 •