CVE-2018-5740

all versions

"deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding

7.5HIGH

CVE-2018-5737

all versions

A problem with the implementation of the new serve-stale feature in BIND 9.12 can lead to an assertion failure in rbtdb.c, even wh

5.9MEDIUM

CVE-2018-5736

all versions

An error in zone database reference counting can lead to an assertion failure if a server which is running an affected version of

5.3MEDIUM

CVE-2018-5734

all versions

While handling a particular type of malformed packet BIND erroneously selects a SERVFAIL rcode instead of a FORMERR rcode. If the

7.5HIGH

CVE-2017-3145

all versions

BIND was improperly sequencing cleanup operations on upstream recursion fetch contexts, leading in some cases to a use-after-free

7.5HIGH

CVE-2017-3140

all versions

If named is configured to use Response Policy Zones (RPZ) an error processing some rule types can lead to a condition where BIND w

3.7LOW

CVE-2017-3138

all versions

named contains a feature which allows operators to issue commands to a running server by communicating with the server process ove

6.5MEDIUM

CVE-2017-3137

all versions

Mistaken assumptions about the ordering of records in the answer section of a response containing CNAME or DNAME resource records

7.5HIGH

CVE-2017-3136

all versions

A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. A

5.9MEDIUM

CVE-2017-3135

all versions

Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent sta

7.5HIGH

CVE-2016-9778

all versions

An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover

7.5HIGH

CVE-2018-15919

all versions

Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users

5.3MEDIUM

CVE-2018-15473

all versions

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user un

5.3MEDIUM

CVE-2018-12015

all versions

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and

7.5HIGH

CVE-2018-11237

all versions

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write d

7.8HIGH

CVE-2018-11236

all versions

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to

9.8CRITICAL

CVE-2018-6485

all versions

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.

9.8CRITICAL

CVE-2016-10708

all versions

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an

7.5HIGH

CVE-2016-8610

all versions

A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol define

7.5HIGH

CVE-2017-15906

all versions

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, whic

5.3MEDIUM

CVE-2016-9131

all versions

named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a den

7.5HIGH

CVE-2016-8864

all versions

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a den

7.5HIGH

CVE-2015-8960

all versions

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCe

8.1HIGH