Lucene search
K

371 matches found

EUVD
EUVD
added 2026/05/20 1:9 p.m.8 views

EUVD-2026-31108

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

7.4CVSS5.8AI score0.01844EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 1:9 p.m.9 views

CVE-2026-3592

BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0...

5.3CVSS5.8AI score0.00406EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in bind9

In BIND 9.8.5 - 9.8.8, 9.9.3 - 9.11.29, 9.12.0 - 9.16.13, and versions of BIND 9 Supported Preview Edition such as 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1, as well as the release version 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a...

6.5CVSS7.4AI score0.0594EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in bind9

By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode the available memory to the point where named crashes occur due to lack of resources...

7.5CVSS7.5AI score0.02176EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in bind9

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode the available memory to the point where named crashes occur due to lack of resources...

7.5CVSS7.5AI score0.02299EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in unbound, bind9, and dnsmasq

Certain aspects of the DNS protocol’s DNSSEC mechanism described in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service attack by manipulating one or more DNSSEC responses. This issue is known as the “KeyTrap” problem. One of the concerns is that, when...

7.5CVSS7.1AI score0.99995EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in bind9

The code that processes control channel messages sent to named recursively calls certain functions during packet parsing. The recursion depth is limited only by the maximum acceptable packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack...

7.5CVSS7AI score0.02626EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in bind9

It is possible to create a zone such that certain queries to it will generate responses containing numerous records in the Additional section. An attacker sending multiple such queries can cause either the authoritative server or an independent resolver to use excessive resources to process the...

7.5CVSS6.4AI score0.15344EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in bind9

In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of the Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record that...

7.5CVSS7.2AI score0.11296EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 12:0 a.m.3 views

UBUNTU-CVE-2026-3593

A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected...

9.8CVSS5.8AI score0.01844EPSS
Exploits0References4
OSV
OSV
added 2026/05/20 12:0 a.m.6 views

UBUNTU-CVE-2026-5950

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 throu...

5.3CVSS5.8AI score0.00551EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

ISC BIND 9 竞争条件问题漏洞

ISC BIND 9 is a domain name system software developed by the ISC organization. ISC BIND 9 has a race condition vulnerability, which stems from race conditions that lead to reusing resources after release, potentially causing undefined behaviors. The following versions are affected: 9.20.0 to...

7.5CVSS5.8AI score0.01387EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/20 12:0 a.m.16 views

CVE-2026-5950

An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cause severe resource exhaustion by sending queries that trigger specific retry conditions. This issue affects BIND 9 versions 9.18.36 throu...

5.3CVSS5.8AI score0.00551EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.12 views

ISC BIND 9 输入验证错误漏洞

ISC BIND 9 is a domain name system software developed by the ISC organization. ISC BIND 9 has a vulnerability related to input validation errors. This vulnerability stems from defects in handling non-Internet-related DNS messages, which may lead to assertion failures. The following versions are...

7.5CVSS5.8AI score0.0181EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-5950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An unbounded resend loop vulnerability exists in the BIND 9 resolver state machine during bad-server handling, enabling a remote unauthenticated attacker to cau...

5.3CVSS6AI score0.00551EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.31 views

Debian dsa-6285 : bind9 - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6285 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6285-1 [email protected]...

9.8CVSS5.9AI score0.01844EPSS
Exploits1References15
UbuntuCve
UbuntuCve
added 2026/05/20 12:0 a.m.11 views

CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

7.5CVSS5.7AI score0.01047EPSS
Exploits0References3
OSV
OSV
added 2026/05/20 12:0 a.m.9 views

UBUNTU-CVE-2026-3039

BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS deployments and/or...

7.5CVSS5.7AI score0.01047EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.10 views

PT-2026-42156

Name of the Vulnerable Software and Affected Versions BIND 9 versions 9.20.0 through 9.20.22 BIND 9 versions 9.21.0 through 9.21.21 BIND 9 versions 9.20.9-S1 through 9.20.22-S1 Description A heap use-after-free issue exists within the DNS-over-HTTPS implementation. Use-after-free occurs when an...

9.8CVSS6AI score0.01844EPSS
Exploits0References52
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.8 views

Fedora 44 : bind9-next (2026-01c20fe8ca)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-01c20fe8ca advisory. Update to 9.21.20 rhbz2440560 Security Fixes: - Fix unbounded NSEC3 iterations when validating referrals to unsigned delegations. CVE-2026-1519 - Fi...

7.5CVSS8.9AI score0.01545EPSS
Exploits0References5
Rows per page
Query Builder