CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2025/01/29 10:15 p.m.•3 views

AZL-56097 CVE-2024-11187 affecting package bind for versions less than 9.20.5-1

7.5CVSS7.2AI score0.14257EPSS

OSV•added 2025/01/29 10:15 p.m.•8 views

CVE-2024-11187

7.5CVSS7.4AI score0.14257EPSS

OSV•added 2025/01/29 10:15 p.m.•5 views

AZL-56198 CVE-2024-11187 affecting package dhcp for versions less than 4.4.3.P1-3

7.5CVSS6.9AI score0.14257EPSS

OSV•added 2025/01/29 10:15 p.m.•1 views

DEBIAN-CVE-2024-11187

7.5CVSS6.4AI score0.14257EPSS

NVD•added 2025/01/29 10:15 p.m.•8 views

CVE-2024-12705

7.5CVSS0.15664EPSS

Exploits0References2

NVD•added 2025/01/29 10:15 p.m.•6 views

CVE-2024-11187

7.5CVSS0.14257EPSS

Debian•added 2025/01/29 9:51 p.m.•149 views

[SECURITY] [DSA 5854-1] bind9 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5854-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 29, 2025 https://www.debian.org/security/faq -...

7.5CVSS8.1AI score0.15664EPSS

RedhatCVE•added 2025/01/29 9:51 p.m.•12 views

CVE-2024-12705

A flaw was found in BIND 9. By flooding a target resolver with HTTP/2 traffic and exploiting this flaw, an attacker could overwhelm the server, causing high CPU and/or memory usage and preventing other clients from establishing DoH connections. This issue could significantly impair the resolver's...

7.5CVSS7.2AI score0.15664EPSS

Exploits0References4

Vulnrichment•added 2025/01/29 9:40 p.m.•14 views

CVE-2024-12705 DNS-over-HTTPS implementation suffers from multiple issues under heavy query load

7.5CVSS7.4AI score0.15664EPSS

AlpineLinux•added 2025/01/29 9:40 p.m.•16 views

CVE-2024-12705

7.5CVSS7.5AI score0.15664EPSS

CVE•added 2025/01/29 9:40 p.m.•128 views

CVE-2024-12705

CVE-2024-12705 affects BIND’s DNS-over-HTTPS (DoH) implementation. Under crafted HTTP/2 traffic, a resolver can experience CPU/memory exhaustion, leading to denial of service. Affected: BIND 9.18.0–9.18.32, 9.20.0–9.20.4, 9.21.0–9.21.3 (and 9.18.11-S1–9.18.32-S1). Impact: potential DoS impacting ...

7.5CVSS7.4AI score0.15664EPSS

Exploits0References2

Cvelist•added 2025/01/29 9:40 p.m.•37 views

CVE-2024-12705 DNS-over-HTTPS implementation suffers from multiple issues under heavy query load

7.5CVSS0.15664EPSS

Vulnrichment•added 2025/01/29 9:40 p.m.•4 views

CVE-2024-11187 Many records in the additional section cause CPU exhaustion

7.5CVSS7.4AI score0.14257EPSS

AlpineLinux•added 2025/01/29 9:40 p.m.•28 views

CVE-2024-11187

7.5CVSS7.5AI score0.14257EPSS

CVE•added 2025/01/29 9:40 p.m.•276 views

CVE-2024-11187

CVE-2024-11187 is a BIND DNS vulnerability in which crafted queries can force the server or a resolver to exhaust CPU/memory by returning many records in the Additional section. Affected BIND versions include 9.11.0–9.11.37, 9.16.0–9.16.50, 9.18.0–9.18.32, 9.20.0–9.20.4, 9.21.0–9.21.3, and relate...

7.5CVSS7.4AI score0.14257EPSS

Cvelist•added 2025/01/29 9:40 p.m.•33 views

CVE-2024-11187 Many records in the additional section cause CPU exhaustion

7.5CVSS0.14257EPSS

Slackware Linux•added 2025/01/29 9:32 p.m.•15 views

[slackware-security] bind

New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.18.33-i586-1slack15.0.txz: Upgraded. This update fixes security issues: DNS-over-HTTPs flooding fixes. Limit the additional...

7.5CVSS7.6AI score0.15664EPSS

RedhatCVE•added 2025/01/29 9:21 p.m.•14 views

CVE-2024-11187

A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an...

7.5CVSS7.1AI score0.14257EPSS