Filtered by vendor Isc
Subscriptions
Total
253 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-0692 | 2 Isc, Redhat | 3 Dhcp, Enterprise Linux, Rhel Eus | 2026-04-23 | N/A |
| Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option. | ||||
| CVE-2008-0122 | 3 Freebsd, Isc, Redhat | 3 Freebsd, Bind, Enterprise Linux | 2026-04-23 | N/A |
| Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption. | ||||
| CVE-2009-0696 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2026-04-23 | N/A |
| The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message. | ||||
| CVE-2007-0493 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2026-04-23 | N/A |
| Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that cause named to "dereference a freed fetch context." | ||||
| CVE-2009-0025 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2026-04-23 | N/A |
| BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | ||||
| CVE-2007-2926 | 2 Isc, Redhat | 2 Bind, Enterprise Linux | 2026-04-23 | N/A |
| ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query id and perform DNS cache poisoning. | ||||
| CVE-2006-4095 | 3 Apple, Canonical, Isc | 4 Mac Os X, Mac Os X Server, Ubuntu Linux and 1 more | 2026-04-16 | 7.5 High |
| BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. | ||||
| CVE-2002-0651 | 2 Isc, Redhat | 3 Bind, Enterprise Linux, Linux | 2026-04-16 | N/A |
| Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers. | ||||
| CVE-2006-2073 | 1 Isc | 1 Bind | 2026-04-16 | N/A |
| Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite. | ||||
| CVE-2005-0034 | 1 Isc | 1 Bind | 2026-04-16 | N/A |
| An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. | ||||
| CVE-2006-3122 | 1 Isc | 1 Dhcpd | 2026-04-16 | N/A |
| The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with "corrupt lease uid." | ||||
| CVE-2004-1006 | 2 Isc, Redhat | 2 Dhcpd, Enterprise Linux | 2026-04-16 | N/A |
| Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702. | ||||
| CVE-2004-0461 | 5 Infoblox, Isc, Mandrakesoft and 2 more | 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more | 2026-04-16 | N/A |
| The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. | ||||
| CVE-2004-0460 | 5 Infoblox, Isc, Mandrakesoft and 2 more | 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more | 2026-04-16 | N/A |
| Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. | ||||
| CVE-2003-0039 | 2 Isc, Redhat | 2 Dhcpd, Linux | 2026-04-16 | N/A |
| ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count. | ||||
| CVE-2002-2211 | 1 Isc | 1 Bind | 2026-04-16 | N/A |
| BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods. | ||||
| CVE-2001-0010 | 2 Isc, Redhat | 2 Bind, Linux | 2026-04-16 | N/A |
| Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges. | ||||
| CVE-2001-0012 | 2 Isc, Redhat | 2 Bind, Linux | 2026-04-16 | N/A |
| BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables. | ||||
| CVE-2000-1029 | 1 Isc | 1 Bind | 2026-04-16 | N/A |
| Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query. | ||||
| CVE-2002-0684 | 3 Gnu, Isc, Redhat | 4 Glibc, Bind, Enterprise Linux and 1 more | 2026-04-16 | N/A |
| Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr. | ||||