Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

OpenVAS
OpenVASadded 2021/09/06 12:0 a.m.19 views

ISC BIND Information Disclosure Vulnerability (CVE-2017-3142) - Linux

ISC BIND is prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

5.3CVSS5.3AI score0.04951EPSS
Exploits0References1
NVD
NVDadded 2019/01/16 8:29 p.m.15 views

CVE-2017-3138

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of name...

6.5CVSS6.7AI score0.3793EPSS
Exploits0References6
OSV
OSVadded 2019/01/16 8:29 p.m.18 views

CVE-2017-3143

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...

5.9CVSS6.6AI score
Exploits0References8
NVD
NVDadded 2019/01/16 8:29 p.m.18 views

CVE-2017-3140

If named is configured to use Response Policy Zones RPZ an error processing some rule types can lead to a condition where BIND will endlessly loop while handling a query. Affects BIND 9.9.10, 9.10.5, 9.11.0-9.11.1, 9.9.10-S1, 9.10.5-S1...

5.9CVSS5.5AI score0.34362EPSS
Exploits0References6
Cvelist
Cvelistadded 2019/01/16 8:0 p.m.48 views

CVE-2017-3143 An error in TSIG authentication can permit unauthorized dynamic updates

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...

7.5CVSS6.7AI score0.26818EPSS
Exploits1References8
AlpineLinux
AlpineLinuxadded 2019/01/16 8:0 p.m.35 views

CVE-2017-3142

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection wit...

5.3CVSS6.4AI score0.04951EPSS
Exploits0
AlpineLinux
AlpineLinuxadded 2019/01/16 8:0 p.m.32 views

CVE-2017-3143

An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name for the zone and service being targeted may be able to manipulate BIND into accepting an unauthorized dynamic update. Affects BIND 9.4.0-9.8.8, 9.9.0-9.9.10-P1,...

7.5CVSS6.9AI score0.26818EPSS
Exploits1
Debian CVE
Debian CVEadded 2019/01/16 8:0 p.m.27 views

CVE-2017-3138

named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of name...

6.5CVSS6.3AI score0.3793EPSS
Exploits0
Rows per page
Query Builder