bind (SUSE:Linux Enterprise Server 12 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP4 package bind, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2020-8616 — CVSS 8.6 (high): A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals…
CVE-2018-5743 — CVSS 7.5 (high): By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections…
CVE-2020-8617 — CVSS 7.5 (high): Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or…
CVE-2018-5740 — CVSS 7.5 (high): "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks…
CVE-2019-6471 — CVSS 5.9 (medium): A race condition which may occur when discarding malformed packets can result in BIND exiting due to a REQUIRE assertion failure in…
CVE-2019-6465 — CVSS 5.3 (medium): Controls for zone transfers may not be properly applied to Dynamically Loadable Zones (DLZs) if the zones are writable Versions affected…
CVE-2018-5745 — CVSS 4.9 (medium): "managed-keys" is a feature which allows a BIND resolver to automatically maintain the keys used by trust anchors which operators configure…