CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

17 matches found

MGASA-2026-0163 Updated bind packages fix security vulnerabilities

Updated bind package fixes security vulnerabilities: BIND 9 server memory exhaustion during GSS-API TKEY negotiation CVE-2026-3039 Amplification vulnerabilities via self-pointed glue records CVE-2026-3592 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation CVE-2026-3593...

9.8CVSS5.8AI score0.00143EPSS

Exploits0References3

Microsoft CVE•added 2026/05/23 8:1 a.m.•13 views

SIG(0) validation during query flood may lead to undefined behavior

...

7.5CVSS5.8AI score0.00044EPSS

Exploits0

Cvelist•added 2026/05/20 1:10 p.m.•28 views

CVE-2026-5947 SIG(0) validation during query flood may lead to undefined behavior

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

7.5CVSS0.00044EPSS

Exploits0References3

Vulnrichment•added 2026/05/20 1:10 p.m.•5 views

CVE-2026-5947 SIG(0) validation during query flood may lead to undefined behavior

7.5CVSS5.8AI score0.00044EPSS

Exploits0References3

EUVD•added 2026/05/20 1:10 p.m.•5 views

EUVD-2026-31110

7.5CVSS5.8AI score0.00044EPSS

Exploits0References3

OSV•added 2026/05/20 12:0 a.m.•8 views

UBUNTU-CVE-2026-5947

7.5CVSS5.8AI score0.00044EPSS

Exploits0References4

UbuntuCve•added 2026/05/20 12:0 a.m.•2 views

CVE-2026-5947

7.5CVSS5.8AI score0.00044EPSS

Exploits0References3

SUSE CVE•added 2026/04/23 1:24 a.m.•3 views

SUSE CVE-2026-33596

A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend...

6.5CVSS5.7AI score0.00003EPSS

Exploits0References3

EUVD•added 2026/04/22 3:31 p.m.•0 views

EUVD-2026-24935

3.1CVSS5.7AI score0.00003EPSS

Exploits0References2

EUVD•added 2026/04/22 3:31 p.m.•0 views

EUVD-2026-24931

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection...

5.3CVSS6AI score0.00005EPSS

Exploits0References2

NVD•added 2026/04/22 2:16 p.m.•2 views

CVE-2026-33594

7.5CVSS0.00005EPSS

Exploits0References1

Vulnrichment•added 2026/04/22 1:48 p.m.•4 views

CVE-2026-33594 Outgoing DoH excessive memory allocation

5.3CVSS6AI score0.00005EPSS

Exploits0References1

Vulnrichment•added 2026/04/22 1:47 p.m.•2 views

CVE-2026-33596 TCP backend stream ID overflow

3.1CVSS5.7AI score0.00003EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2008-0272

Malware in sbrugna...

5CVSS6.4AI score0.00603EPSS

Exploits0References5

RedHat Linux•added 2023/05/16 8:30 a.m.•3 views

bind: processing large delegations may severely degrade resolver performance

A flaw was found in bind. When flooding the target resolver with special queries, an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service...

5.3CVSS7.2AI score0.00484EPSS

Exploits0References5

CNNVD•added 2022/09/21 12:0 a.m.•1 views

ISC BIND 资源管理错误漏洞

ISC BIND is the United States ISC company's set of open source software that implements the DNS protocol. ISC BIND suffers from a denial-of-service vulnerability that stems from a flaw in the resolver code that could cause naming to take an inordinate amount of time to process large delegates,...

5.3CVSS6.9AI score0.00484EPSS

Exploits0References23