isc

258 tracked vulnerabilities.

CVE-2026-5950 MEDIUM
Unbounded resend loop in BIND 9 resolver
May 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-5947 HIGH
SIG(0) validation during query flood may lead to undefined behavior
May 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-5946 HIGH
BIND 9.11.0-9.16.50, 9.18.0-9.18.48, 9.20.0-9.20.22, 9.21.0-9.21.21 - DoS via Non-IN DNS Message Handling
May 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3593 HIGH
Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation
May 20, 2026
CVSS 7.4
EPSS 0.00
CVE-2026-3592 MEDIUM
BIND 9.11.0-9.16.50, 9.18.0-9.18.48, 9.20.0-9.20.22, 9.21.0-9.21.21 - Resource Exhaustion via Crafted Zone Query
May 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-3039 HIGH
BIND 9 server memory exhaustion during GSS-API TKEY negotiation
May 20, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3591 MEDIUM
BIND 9 - ACL Bypass via SIG(0) Use-After-Return
Mar 25, 2026
CVSS 5.4
EPSS 0.00
CVE-2026-3119 MEDIUM
Authenticated query containing a TKEY record may cause named to terminate unexpectedly
Mar 25, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-3104 HIGH
Memory leak in code preparing DNSSEC proofs of non-existence
Mar 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-1519 HIGH
Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
Mar 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-3608 HIGH
ISC Kea - Stack Overflow Denial of Service
Mar 25, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-13878 HIGH
BIND <9.18.44-9.20.18-9.21.17 - DoS
Jan 21, 2026
CVSS 7.5
EPSS 0.00
CVE-2025-11232 HIGH
ISC Kea 2.6.0-2.6.4, 2.7.0-2.7.9, 3.0.0-3.0.1, 3.1.0-3.1.2 - Denial of Service via DDNS Hostname Processing
Oct 29, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-8677 HIGH
BIND 9 9.18.0-9.18.39, 9.20.0-9.20.13, 9.21.0-9.21.12 - DoS via Malformed DNSKEY
Oct 22, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-40780 HIGH
BIND <9.21 - Info Disclosure
Oct 22, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-40778 HIGH
BIND 9.11.0-9.16.50, 9.18.0-9.18.39, 9.20.0-9.20.13, 9.21.0-9.21.12 - Cache Poisoning
Oct 22, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-8696 HIGH
ISC Stork 1.0.0-2.3.0 - Unauthenticated Denial of Service via Large Data Input
Sep 10, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-40779 HIGH
ISC Kea 2.7.1-2.7.9, 3.0.0, 3.1.0 - Denial of Service via DHCPv4 Unicast Request
Aug 27, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-40777 HIGH
BIND 9 9.20.0-9.20.10 9.21.0-9.21.9 9.20.9-S1-9.20.10-S1 - Reachable Assertion via CNAME Chain Processing
Jul 16, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-40776 HIGH
BIND 9 9.11.3-S1-9.16.50-S1, 9.18.11-S1-9.18.37-S1, 9.20.9-S1-9.20.10-S1 - Cache Poisoning via ECS Option Handling
Jul 16, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-32803 MEDIUM
Kea <2.4.1, <2.6.2, <2.7.8 - Info Disclosure
May 28, 2025
CVSS 4.0
EPSS 0.00
CVE-2025-32802 MEDIUM
ISC Kea 2.4.0-2.4.1, 2.6.0-2.6.2, 2.7.0-2.7.8 - Arbitrary File Write via Configuration and API Directives
May 28, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-32801 HIGH
ISC Kea 2.4.0-2.4.1, 2.6.0-2.6.2, 2.7.0-2.7.8 - Unauthenticated Code Injection via Hook Library Loading
May 28, 2025
CVSS 7.8
EPSS 0.00
CVE-2025-40775 HIGH
BIND <9.20.8-9.21.7 - Info Disclosure
May 21, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-12705 HIGH
BIND 9 9.18.0-9.18.32, 9.20.0-9.20.4, 9.21.0-9.21.3, 9.18.11-S1-9.18.32-S1 DoS via DNS-over-HTTPS HTTP/2 Flood
Jan 29, 2025
CVSS 7.5
EPSS 0.06
Products
bind 184 dhcp 25 BIND 9 23 inn 14 dhcpd 8 Kea 6 kea 4 dhcp_client 2 Stork 1 dnsco_bind 1 stork 1
Quick Filters
Critical CVEs With Exploits In CISA KEV