CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

UbuntuCve•added 2025/07/16 2:15 p.m.•7 views

CVE-2025-40776

A named caching resolver that is configured to send ECS EDNS Client Subnet options may be vulnerable to a cache-poisoning attack. This issue affects BIND 9 versions 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.37-S1, and 9.20.9-S1 through 9.20.10-S1...

8.6CVSS7.2AI score0.00197EPSS

Exploits0References2

UbuntuCve•added 2025/05/21 12:0 a.m.•8 views

CVE-2025-40775

When an incoming DNS protocol message includes a Transaction Signature TSIG, BIND always checks it. If the TSIG contains an invalid value in the algorithm field, BIND immediately aborts with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.8 and 9.21.0 through 9.21.7...

7.5CVSS7.3AI score0.10753EPSS

Exploits1References2

UbuntuCve•added 2024/07/23 12:0 a.m.•14 views

CVE-2024-1975

If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG0 signed requests. This issue affects BIND 9 versions 9.0.0 through...

7.5CVSS7.3AI score0.02114EPSS

Exploits0References4

UbuntuCve•added 2024/07/23 12:0 a.m.•20 views

CVE-2024-0760

A malicious client can send many DNS messages over TCP, potentially causing the server to become unstable while the attack is in progress. The server may recover after the attack ceases. Use of ACLs will not mitigate the attack. This issue affects BIND 9 versions 9.18.1 through 9.18.27, 9.19.0...

7.5CVSS7.3AI score0.0468EPSS

Exploits0References2

UbuntuCve•added 2024/07/23 12:0 a.m.•21 views

CVE-2024-4076

Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure. This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1...

7.5CVSS7.3AI score0.02111EPSS

Exploits0References2

UbuntuCve•added 2024/02/13 12:0 a.m.•31 views

CVE-2023-5517

A flaw in query-handling code can cause named to exit prematurely with an assertion failure when: - nxdomain-redirect ; is configured, and - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response. This issue affects BIND 9 versio...

7.5CVSS7.1AI score0.01231EPSS

Exploits0References4

UbuntuCve•added 2024/02/13 12:0 a.m.•26 views

CVE-2023-50868

The Closest Encloser Proof aspect of the DNS protocol in RFC 5155 when RFC 9276 guidance is skipped allows remote attackers to cause a denial of service CPU consumption for SHA-1 computations via DNSSEC responses in a random subdomain attack, aka the "NSEC3" issue. The RFC 5155 specification...

7.5CVSS7AI score0.81729EPSS

Exploits1References13

UbuntuCve•added 2024/02/13 12:0 a.m.•390 views

CVE-2023-50387

Certain DNSSEC aspects of the DNS protocol in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service CPU consumption via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG...

7.5CVSS7AI score0.99995EPSS

Exploits0References13

UbuntuCve•added 2022/09/21 12:0 a.m.•44 views

CVE-2022-3080

By sending specific queries to the resolver, an attacker can cause named to crash...

7.5CVSS7.1AI score0.01486EPSS

Exploits0References2

UbuntuCve•added 2022/09/21 12:0 a.m.•62 views

CVE-2022-38177

By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources...

7.5CVSS7.1AI score0.02198EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by