CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2021/03/01 2:30 p.m.•1 views

bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation

A buffer overflow flaw was found in the SPNEGO implementation used by BIND. This flaw allows a remote attacker to cause the named process to crash or possibly perform remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

8.1CVSS7.3AI score0.64161EPSS

Exploits0References5

RedHat Linux•added 2021/03/01 2:30 p.m.•73 views

Important: Red Hat Security Advisory: bind security update

An update for bind is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

8.1CVSS6.9AI score0.64161EPSS

Exploits0References2

AlmaLinux•added 2021/03/01 1:54 p.m.•33 views

Important: bind security update

The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...

6.8CVSS2.2AI score0.64161EPSS

Tenable Nessus•added 2021/03/01 12:0 a.m.•27 views

RHEL 8 : bind (RHSA-2021:0669)

"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0669 advisory. The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named C Tenable, Inc...

8.1CVSS6.8AI score0.64161EPSS

Exploits0References4

Tenable Nessus•added 2021/02/22 12:0 a.m.•39 views

Debian DLA-2568-1 : bind9 security update

It was discovered that there was a buffer overflow attack in the bind9 DNS server caused by an issue in the GSSAPI 'Generic Security Services' security policy negotiation. For Debian 9 'Stretch', this problem has been fixed in version 1:9.10.3.dfsg.P4-12.3+deb9u8. We recommend that you upgrade yo...

8.1CVSS7AI score0.64161EPSS

Exploits0References4

OpenVAS•added 2021/02/20 12:0 a.m.•8 views

Debian: Security Advisory (DLA-2568-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS8.2AI score0.64161EPSS

Exploits0References3

Debian•added 2021/02/19 8:50 a.m.•141 views

[SECURITY] [DLA 2568-1] bind9 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2568-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb February 19, 2021 https://wiki.debian.org/LTS -...

8.1CVSS8.6AI score0.64161EPSS

Tenable Nessus•added 2021/02/19 12:0 a.m.•19 views

Debian DSA-4857-1 : bind9 - security update

A buffer overflow vulnerability was discovered in the SPNEGO implementation affecting the GSSAPI security policy negotiation in BIND, a DNS server implementation, which could result in denial of service daemon crash, or potentially the execution of arbitrary code. C Tenable Network Security, Inc...

8.1CVSS7.2AI score0.64161EPSS

Exploits0References5

Veracode•added 2021/02/18 9:52 p.m.•39 views

Remote Code Execution

bind9 is vulnerable to remote code execution. A buffer overflow in GSSAPI security policy negotiation can result in remote code execution...

8.1CVSS4.9AI score0.64161EPSS

Exploits0References15Affected Software6

Debian•added 2021/02/18 9:42 p.m.•134 views

[SECURITY] [DSA 4857-1] bind9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4857-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 18, 2021 https://www.debian.org/security/faq -...

8.1CVSS8.7AI score0.64161EPSS

Ubuntu•added 2021/02/18 12:5 p.m.•143 views

USN-4737-1: Bind vulnerability

It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor...

8.1CVSS7.3AI score0.64161EPSS

OSV•added 2021/02/18 8:33 a.m.•5 views

SUSE-SU-2021:0504-1 Security update for bind

This update for bind fixes the following issues: - CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack bsc1182246, CVE-2020-8625...

OpenVAS•added 2021/02/18 12:0 a.m.•35 views

Exploits0References3

ISC BIND Buffer Overflow Vulnerability (CVE-2020-8625) - Windows

ISC BIND is prone to a buffer overflow vulnerability in the GSSAPI security policy negotiation. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

OpenVAS•added 2021/02/18 12:0 a.m.•15 views

ISC BIND Buffer Overflow Vulnerability (CVE-2020-8625) - Linux

OSV•added 2021/02/17 11:15 p.m.•2 views

ALPINE-CVE-2020-8625

BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the...

8.1CVSS7.6AI score0.64161EPSS

OSV•added 2021/02/17 11:15 p.m.•2 views

DEBIAN-CVE-2020-8625

8.1CVSS7.1AI score0.64161EPSS

Cvelist•added 2021/02/17 10:40 p.m.•21 views

CVE-2020-8625 A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack