CVSS: 5.9EPSS: 90%CPEs: 42EXPL: 0CVE-2016-2775 – bind: Too long query name causes segmentation fault in lwresd
https://notcve.org/view.php?id=CVE-2016-2775
19 Jul 2016 — ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. ISC BIND 9.x en versiones anteriores a 9.9.9-P2, 9.10.x en versiones anteriores a 9.10.4-P2 y 9.11.x en versiones anteriores a 9.11.0b2, cuando lwresd o la opción nombrada lwres está habilitada, permite a atacantes remotos provocar una denegación ... • http://www.securityfocus.com/bid/92037 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 15EXPL: 1CVE-2016-6170 – Ubuntu Security Notice USN-5747-1
https://notcve.org/view.php?id=CVE-2016-6170
06 Jul 2016 — ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. ISC BIND hasta la versión 9.9.9-P1, 9.10.x hasta la versión 9.10.4-P1 y 9.11.x hasta la v... • http://www.openwall.com/lists/oss-security/2016/07/06/3 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 48%CPEs: 228EXPL: 0CVE-2016-1285 – bind: malformed packet sent to rndc can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1285
09 Mar 2016 — named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fetch reply messages, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 no maneja adecuadamente los archivos DNAME cuando analiza gramaticalmente l... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html • CWE-617: Reachable Assertion •
CVSS: 8.6EPSS: 74%CPEs: 228EXPL: 0CVE-2016-1286 – bind: malformed signature records for DNAME records can trigger assertion failure
https://notcve.org/view.php?id=CVE-2016-1286
09 Mar 2016 — named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. named en ISC BIND 9.x en versiones anteriores a 9.9.8-P4 y 9.10.x en versiones anteriores a 9.10.3-P4 permite a atacantes remotos provocar una denegación de servicio (fallo de aserción y salida de demonio) a través de un registro de firma manipulado para un registro DNAME, ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html • CWE-617: Reachable Assertion •
CVSS: 7.0EPSS: 4%CPEs: 59EXPL: 0CVE-2015-8705 – Gentoo Linux Security Advisory 201610-07
https://notcve.org/view.php?id=CVE-2015-8705
20 Jan 2016 — buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. buffer.c en named en ISC BIND 9.10.x en versiones anteriores a 9.10.3-P3, cuando inicio de sesión depurado está habilitado, permite a atacantes remotos provocar una denegación de servicio (error de aserción REQUIRE y salida del dem... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 96%CPEs: 59EXPL: 0CVE-2015-8704 – bind: specific APL data could trigger an INSIST in apl_42.c
https://notcve.org/view.php?id=CVE-2015-8704
20 Jan 2016 — apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. apl_42.c en ISC BIND 9.x en versiones anteriores a 9.9.8-P3, 9.9.x y 9.10.x en versiones anteriores a 9.10.3-P3 permite a usuarios remotos autenticados provocar una denegación de servicio (fallo de la afirmación INSIST y salida de demonio) a través de un registro Address Prefix ... • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176564.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 12%CPEs: 164EXPL: 0CVE-2015-8461 – Slackware Security Advisory - bind Updates
https://notcve.org/view.php?id=CVE-2015-8461
16 Dec 2015 — Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. Condición de carrera en resolver.c en named en ISC BIND 9.9.8 en versiones anteriores a 9.9.8-P2 y 9.10.3 en versiones anteriores a 9.10.3-P2 permite a atacantes remotos causar una denegación de servicio (falla de aserción INSIST y salida del demonio) a través de vectores no especificados. ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 95%CPEs: 170EXPL: 0CVE-2015-8000 – bind: responses with a malformed class attribute can trigger an assertion failure in db.c
https://notcve.org/view.php?id=CVE-2015-8000
16 Dec 2015 — db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. db.c en named en ISC BIND 9.x en versiones anteriores a 9.9.8-P2 y 9.10.x en versiones anteriores a 9.10.3-P2 permite a atacantes remotos causar una denegación de servicio (falla de aserción REQUIRE y salida del demonio) a través de un atributo de clase mal formado. A denial of service flaw was found in the... • http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174143.html • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 94%CPEs: 3EXPL: 0CVE-2015-5986 – Apple Security Advisory 2015-10-21-8
https://notcve.org/view.php?id=CVE-2015-5986
03 Sep 2015 — openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response. Openpgpkey_61.c en demonio named en ISC BIND 9.9.7 en versiones anteriores a 9.9.7-P3 y 9.10.x en versiones anteriores a 9.10.2-P4, permite a atacantes remotos causar una denegación de servicio (error en aserción REQUIRE y salida del demonio) a través de una respuesta DNS manipulada. New bind packag... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 96%CPEs: 3EXPL: 0CVE-2015-5722 – bind: malformed DNSSEC key failed assertion denial of service
https://notcve.org/view.php?id=CVE-2015-5722
02 Sep 2015 — buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone. Vulnerabilidad en buffer.c en nombrado en ISC BIND 9.x en versiones anteriores a 9.9.7-P3 y 9.10.x en versiones anteriores a 9.10.2-P4, permite a atacantes remotos causar una denegación de servicio (error de aserción y salida del demonio) mediante... • http://lists.apple.com/archives/security-announce/2015/Oct/msg00009.html • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •