ISC : Security Vulnerabilities, CVEs, CVSS score between 7 and 7.99
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
Max CVSS
7.8
EPSS Score
0.05%
Published
2001-07-21
Updated
2024-02-08
Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context."
Max CVSS
7.8
EPSS Score
22.33%
Published
2007-01-25
Updated
2023-02-13
Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.
Max CVSS
7.8
EPSS Score
2.91%
Published
2008-09-22
Updated
2017-08-08
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) by sending a message over IPv6 for a declined and abandoned address.
Max CVSS
7.8
EPSS Score
1.36%
Published
2011-01-31
Updated
2020-04-01
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.
Max CVSS
7.8
EPSS Score
96.32%
Published
2011-08-15
Updated
2020-01-08
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.
Max CVSS
7.8
EPSS Score
95.20%
Published
2011-08-15
Updated
2020-04-01
ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before 9.8.3-P2; 9.9.x before 9.9.1-P2; and 9.6-ESV before 9.6-ESV-R7-P2, when DNSSEC validation is enabled, does not properly initialize the failing-query cache, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) by sending many queries.
Max CVSS
7.8
EPSS Score
6.58%
Published
2012-07-25
Updated
2018-10-30
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record.
Max CVSS
7.8
EPSS Score
39.98%
Published
2012-09-14
Updated
2022-12-09
ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before 9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows remote attackers to cause a denial of service (named daemon hang) via unspecified combinations of resource records.
Max CVSS
7.8
EPSS Score
19.90%
Published
2012-10-10
Updated
2017-09-19
ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 is enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
Max CVSS
7.8
EPSS Score
3.49%
Published
2012-12-06
Updated
2018-12-06
libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process.
Max CVSS
7.8
EPSS Score
94.27%
Published
2013-03-28
Updated
2018-10-30
resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, and 9.6-ESV-R9 before 9.6-ESV-R9-P1, when a recursive resolver is configured, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a record in a malformed zone.
Max CVSS
7.8
EPSS Score
0.73%
Published
2013-06-06
Updated
2018-10-30
The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x before 9.8.5-P2, 9.8.6b1, 9.9.x before 9.9.3-P2, and 9.9.4b1, and DNSco BIND 9.9.3-S1 before 9.9.3-S1-P1 and 9.9.4-S1b1, allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query with a malformed RDATA section that is not properly handled during construction of a log message, as exploited in the wild in July 2013.
Max CVSS
7.8
EPSS Score
95.47%
Published
2013-07-29
Updated
2019-04-22
ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through 9.10.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory consumption and named crash) via a large or infinite number of referrals.
Max CVSS
7.8
EPSS Score
89.80%
Published
2014-12-11
Updated
2017-01-03
name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) by constructing crafted zone data and then making a query for a name in that zone.
Max CVSS
7.8
EPSS Score
15.65%
Published
2015-07-08
Updated
2018-10-30
CVE-2015-5477
Public exploit
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
Max CVSS
7.8
EPSS Score
97.24%
Published
2015-07-29
Updated
2017-11-10
buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a malformed DNSSEC key and issuing a query for a name in that zone.
Max CVSS
7.8
EPSS Score
96.60%
Published
2015-09-05
Updated
2016-12-31
CVE-2016-2776
Public exploit
buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
Max CVSS
7.8
EPSS Score
97.25%
Published
2016-09-28
Updated
2019-12-27
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.
Max CVSS
7.8
EPSS Score
0.06%
Published
2019-01-16
Updated
2019-10-09
ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022.
Max CVSS
7.6
EPSS Score
3.99%
Published
2010-01-22
Updated
2017-09-19
Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.
Max CVSS
7.5
EPSS Score
0.45%
Published
1997-07-21
Updated
2008-09-09
Buffer overflow in INN inews program.
Max CVSS
7.5
EPSS Score
1.42%
Published
1999-09-01
Updated
2008-09-09
Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.
Max CVSS
7.5
EPSS Score
1.06%
Published
2000-04-27
Updated
2008-09-09
Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options.
Max CVSS
7.5
EPSS Score
0.35%
Published
1999-12-31
Updated
2016-10-18
Buffer overflow in BIND 8.2 via NXT records.
Max CVSS
7.5
EPSS Score
0.82%
Published
1999-11-10
Updated
2018-10-30