CentOS Linux, the open, enterprise-class platform upon which Asset Manager solutions are built, and third-party packages such as Postgres and Oracle JRE are continuously monitored by industry and community groups to uncover flaws. Upgrade packages that fix these CentOS flaws (aka CVEs, Common Vulnerabilities and Exposures) are made available from CentOS and third parties (Postgres, Oracle JRE) on an ongoing basis.

This page lists security enhancements on our radar: the CVEs that Asset Manager is actively addressing and expects to have fully resolved in the upcoming releases of Asset Manager Enterprise Edition.

| CVE Identifier | Repair PKG | Date Reported | 3rd Party Patch Available? | Lumeta | Notes on vulnerability | Resolved_Version (FAM) | GA Date (FAM_GA) |
|---|---|---|---|---|---|---|---|
| CVE-2018-5745 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | | CentOS yes | yes | An assertion failure was found in the way bind implemented the "managed keys" feature. An attacker could use this flaw to cause the named daemon to crash. This flaw is very difficult for an attacker to trigger because it requires an operator to have BIND configured to use a trust anchor managed by the attacker. https://access.redhat.com/security/cve/CVE-2018-5745 | 4.7.0.1 | 02/21/2023 |
| CVE-2020-8616 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | | CentOS yes | yes | A flaw was found in BIND, where it does not sufficiently limit the number of fetches that can be performed while processing a referral response. This flaw allows an attacker to cause a denial of service attack. The attacker can also exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. https://access.redhat.com/security/cve/cve-2020-8616 | 4.7.0.1 | 02/21/2023 |
| CVE-2020-8617 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | | CentOS yes | yes | An assertion failure was found in BIND, which checks the validity of messages containing TSIG resource records. This flaw allows an attacker that knows or successfully guesses the name of the TSIG key used by the server to use a specially-crafted message, potentially causing a BIND server to reach an inconsistent state or cause a denial of service. A majority of BIND servers have an internally-generated TSIG session key whose name is trivially guessable, and that key exposes the vulnerability unless specifically disabled. https://access.redhat.com/security/cve/cve-2020-8617 | 4.7.0.1 | 02/21/2023 |
| CVE-2021-25215 | kernel-3.10.0-1160.76.1.el7.x86_64 | | CentOS yes | yes | A flaw was found in bind. The way DNAME records are processed may cause the same RRset to be added to the ANSWER section more than once, which causes an assertion check to fail. The highest threat from this flaw is to system availability. https://access.redhat.com/security/cve/cve-2021-25215 | 4.7.0.1 | 02/21/2023 |
| CVE-2020-8622 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | | CentOS yes | yes | In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3 (also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition), an attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit. https://access.redhat.com/security/cve/cve-2020-8623 | 4.7.0.1 | 02/21/2023 |
| CVE-2020-8625 | bind-export-libs-9.11.4-26.P2.el7_9.10.x86_64 | | CentOS yes | yes | BIND servers are vulnerable if they are running an affected version and are configured to use GSS-TSIG features. In a configuration which uses BIND's default settings the vulnerable code path is not exposed, but a server can be rendered vulnerable by explicitly setting valid values for the tkey-gssapi-keytab or tkey-gssapi-credential configuration options. Although the default configuration is not vulnerable, GSS-TSIG is frequently used in networks where BIND is integrated with Samba, as well as in mixed-server environments that combine BIND servers with Active Directory domain controllers. The most likely outcome of a successful exploitation of the vulnerability is a crash of the named process. However, remote code execution, while unproven, is theoretically possible. Affects: BIND 9.5.0 -> 9.11.27, 9.12.0 -> 9.16.11, and versions BIND 9.11.3-S1 -> 9.11.27-S1 and 9.16.8-S1 -> 9.16.11-S1 of BIND Supported Preview Edition. Also release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch. https://access.redhat.com/security/cve/cve-2022-21123 | 4.7.0.1 | 02/21/2023 |
| CVE-2022-38178 | bind-libs-9.11.4-26.P2.el7_9.10.x86_64 | | CentOS yes | yes | A flaw was found in the Bind package, where the DNSSEC verification code for the EdDSA algorithm leaks memory when there is a signature length mismatch. By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak, resulting in crashing the program. https://access.redhat.com/security/cve/cve-2022-38178 | 4.7.0.1 | 02/21/2023 |



