11998 matches found

Slackware Linux
added 2020/08/21 9:2 p.m. | 50 views

[slackware-security] bind

New bind packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/bind-9.11.22-i586-1slack14.2.txz: Upgraded. This update fixes three security issues: "update-policy" rules of type...

CVSS 7.5 | AI score 0.4 | EPSS 0.06348
Exploits: 0

Cvelist
added 2020/08/21 8:50 p.m. | 22 views

CVE-2020-8624 update-policy rules of type "subdomain" are enforced incorrectly

In BIND 9.9.12 - 9.9.13, 9.10.7 - 9.10.8, 9.11.3 - 9.11.21, 9.12.1 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.12-S1 - 9.9.13-S1, 9.11.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abu...

CVSS 4.3 | AI score 5.8 | EPSS 0.0364
Exploits: 0 | References: 10

CVE
added 2020/08/21 8:50 p.m. | 431 views

CVE-2020-8624

CVE-2020-8624 affects BIND's update-policy rules of type "subdomain". The flaw allows an attacker with limited zone-content privileges to modify other zone contents. Reports across distros indicate the vulnerability impacts various BIND 9.x releases; confirmed fixes include patched BIND versions ...

CVSS 4.3 | AI score 6.1 | EPSS 0.0364
Exploits: 0 | References: 10 | Affected Software: 1

AlpineLinux
added 2020/08/21 8:50 p.m. | 26 views

CVE-2020-8624

In BIND 9.9.12 - 9.9.13, 9.10.7 - 9.10.8, 9.11.3 - 9.11.21, 9.12.1 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.12-S1 - 9.9.13-S1, 9.11.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abu...

CVSS 4.3 | AI score 6.3 | EPSS 0.0364
Exploits: 0

Debian CVE
added 2020/08/21 8:50 p.m. | 25 views

CVE-2020-8624

In BIND 9.9.12 - 9.9.13, 9.10.7 - 9.10.8, 9.11.3 - 9.11.21, 9.12.1 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.12-S1 - 9.9.13-S1, 9.11.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abu...

CVSS 4.3 | AI score 6.2 | EPSS 0.0364
Exploits: 0

CVE
added 2020/08/21 8:50 p.m. | 491 views

CVE-2020-8623

CVE-2020-8623 affects BIND up to various maintained branches (notably 9.10.0–9.17.x). Root cause: native PKCS#11 code can trigger an assertion failure when processing queries for RSA-signed zones if BIND is built with --enable-native-pkcs11, leading to a crash and potential availability impact. A...

CVSS 7.5 | AI score 7.6 | EPSS 0.06348
Exploits: 0 | References: 11 | Affected Software: 1

CVE
added 2020/08/21 8:50 p.m. | 705 views

CVE-2020-8622

CVE-2020-8622 pertains to ISC BIND and causes an assertion failure leading to a server exit when processing a truncated TSIG-signed response. The vulnerability can be triggered by an attacker on the network path or by exploiting a server receiving a TSIG-signed request, potentially harming availa...

CVSS 6.5 | AI score 7.2 | EPSS 0.05545
Exploits: 0 | References: 13 | Affected Software: 1

Cvelist
added 2020/08/21 8:50 p.m. | 35 views

CVE-2020-8622 A truncated TSIG response can lead to an assertion failure

In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that...

CVSS 6.5 | AI score 7.1 | EPSS 0.05545
Exploits: 0 | References: 13

Cvelist
added 2020/08/21 8:50 p.m. | 30 views

CVE-2020-8623 A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c

In BIND 9.10.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.10.5-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: be running BIND tha...

CVSS 7.5 | AI score 7.5 | EPSS 0.06348
Exploits: 0 | References: 11

AlpineLinux
added 2020/08/21 8:50 p.m. | 50 views

CVE-2020-8622

In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that...

CVSS 6.5 | AI score 7.4 | EPSS 0.05545
Exploits: 0

AlpineLinux
added 2020/08/21 8:50 p.m. | 29 views

CVE-2020-8623

In BIND 9.10.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.10.5-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: be running BIND tha...

CVSS 7.5 | AI score 7.8 | EPSS 0.06348
Exploits: 0

Debian CVE
added 2020/08/21 8:50 p.m. | 32 views

CVE-2020-8622

In BIND 9.0.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.9.3-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that...

CVSS 6.5 | AI score 6.8 | EPSS 0.05545
Exploits: 0

Debian CVE
added 2020/08/21 8:50 p.m. | 20 views

CVE-2020-8623

In BIND 9.10.0 - 9.11.21, 9.12.0 - 9.16.5, 9.17.0 - 9.17.3, also affects 9.10.5-S1 - 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash. To be vulnerable, the system must: be running BIND tha...

CVSS 7.5 | AI score 6.7 | EPSS 0.06348
Exploits: 0

CVE
added 2020/08/21 8:50 p.m. | 354 views

CVE-2020-8620

CVE-2020-8620 affects BIND 9.15.6–9.16.5 and 9.17.0–9.17.3, where libuv-based TCP handling allows an attacker to send data to trigger an assertion failure and crash the server. The vulnerability stems from an incorrectly specified maximum buffer size that can be exploited by a specially crafted l...

CVSS 7.5 | AI score 7.3 | EPSS 0.03663
Exploits: 0 | References: 7 | Affected Software: 1

CVE
added 2020/08/21 8:50 p.m. | 248 views

CVE-2020-8621

CVE-2020-8621 affects BIND when QNAME minimization is enabled together with forward-first forwarding, potentially causing the server to crash. The vulnerable ranges are BIND 9.14.0–9.16.5 and 9.17.0–9.17.3; forward-only configurations are not affected. The issue is due to an assertion failure in ...

CVSS 7.5 | AI score 7.3 | EPSS 0.02944
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2020/08/21 8:50 p.m. | 22 views

CVE-2020-8620

In BIND 9.15.6 - 9.16.5, 9.17.0 - 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit...

CVSS 7.5 | AI score 7.4 | EPSS 0.03663
Exploits: 0 | References: 7

Cvelist
added 2020/08/21 8:50 p.m. | 20 views

CVE-2020-8621 Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c

In BIND 9.14.0 - 9.16.5, 9.17.0 - 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected...

CVSS 7.5 | AI score 7.4 | EPSS 0.02944
Exploits: 0 | References: 7

AlpineLinux
added 2020/08/21 8:50 p.m. | 35 views

CVE-2020-8620

In BIND 9.15.6 - 9.16.5, 9.17.0 - 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit...

CVSS 7.5 | AI score 2.5 | EPSS 0.03663
Exploits: 0

AlpineLinux
added 2020/08/21 8:50 p.m. | 23 views

CVE-2020-8621

In BIND 9.14.0 - 9.16.5, 9.17.0 - 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected...

CVSS 7.5 | AI score 7.5 | EPSS 0.02944
Exploits: 0

Debian CVE
added 2020/08/21 8:50 p.m. | 22 views

CVE-2020-8621

In BIND 9.14.0 - 9.16.5, 9.17.0 - 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected...

CVSS 7.5 | AI score 6.5 | EPSS 0.02944
Exploits: 0