GCVE - cpe:2.3:a:isc:bind:9.10.2:p3:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:isc:bind:9.10.2:p3:*:*:*:*:*:*

part: a version: 9.10.2 update: p3

Vendor	Isc (`4a2f2b37-98b6-5702-822d-72afcd17d050`)
Product	Bind (`ea404969-e27c-5a4f-ab6f-da9eff8fdf08`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:10.769821
`pkg:gitlab/isc-projects/bind9`	purl2cpe	2026-06-01 10:15:10.769823

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2016-9444`	vulnerable	2026-06-03 14:36:16.722977	Details available named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and 9.11.x before 9.11.0-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted DS resource record in an answer. Published: 2017-01-12T06:06:00.000Z Updated: 2024-08-06T02:50:38.365Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/95393 http://www.securitytracker.com/id/1037582 https://security.gentoo.org/glsa/201708-01 https://kb.isc.org/article/AA-01441/74/CVE-2016-9444 https://security.netapp.com/advisory/ntap-20180926-0005/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2776`	vulnerable	2026-06-03 14:35:43.673688	Details available buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. Published: 2016-09-28T10:00:00.000Z Updated: 2024-08-05T23:32:20.918Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/93188 https://kb.isc.org/article/AA-01438 https://kb.isc.org/article/AA-01419/0 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://rhn.redhat.com/errata/RHSA-2016-1944.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2016-2088`	vulnerable	2026-06-03 14:35:36.646301	Details available resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. Published: 2016-03-09T23:00:00.000Z Updated: 2024-08-05T23:17:50.701Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1035238 http://www.securityfocus.com/bid/84290 https://security.gentoo.org/glsa/201610-07 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/181036.html https://kb.isc.org/article/AA-01380	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8705`	vulnerable	2026-06-03 14:35:12.739163	Details available buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. Published: 2016-01-20T15:00:00.000Z Updated: 2024-08-06T08:29:21.425Z Open on db.gcve.eu Reference links https://kb.isc.org/article/AA-01336 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175977.html http://www.securitytracker.com/id/1034740 http://www.securityfocus.com/bid/81314 https://security.gentoo.org/glsa/201610-07	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8704`	vulnerable	2026-06-03 14:35:12.735506	Details available apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. Published: 2016-01-20T15:00:00.000Z Updated: 2024-08-06T08:29:20.879Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://marc.info/?l=bugtraq&m=145680832702035&w=2 http://www.ubuntu.com/usn/USN-2874-1 http://rhn.redhat.com/errata/RHSA-2016-0073.html https://kb.isc.org/article/AA-01335	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8461`	vulnerable	2026-06-03 14:35:12.004466	Details available Race condition in resolver.c in named in ISC BIND 9.9.8 before 9.9.8-P2 and 9.10.3 before 9.10.3-P2 allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via unspecified vectors. Published: 2015-12-16T15:00:00.000Z Updated: 2024-08-06T08:20:41.759Z Open on db.gcve.eu Reference links http://www.securitytracker.com/id/1034419 http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174252.html https://kb.isc.org/article/AA-01438 http://www.securityfocus.com/bid/79347	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-8000`	vulnerable	2026-06-03 14:35:10.831650	Details available db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attribute. Published: 2015-12-16T15:00:00.000Z Updated: 2024-08-06T08:06:31.443Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://marc.info/?l=bugtraq&m=145680832702035&w=2 https://blogs.sophos.com/2016/02/17/utm-up2date-9-354-released/ https://blogs.sophos.com/2016/02/29/utm-up2date-9-319-released/ http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174145.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-0382`	vulnerable	2026-06-03 14:30:08.533392	Details available ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta handles out-of-bailiwick data accompanying a secure response without re-fetching from the original source, which allows remote attackers to have an unspecified impact via a crafted response, aka Bug 20819. NOTE: this vulnerability exists because of a regression during the fix for CVE-2009-4022. Published: 2010-01-22T21:20:00.000Z Updated: 2024-08-07T00:45:12.225Z Open on db.gcve.eu Reference links https://www.isc.org/advisories/CVE-2009-4022v6 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7086 http://www.vupen.com/english/advisories/2010/1352 http://secunia.com/advisories/40086 http://www.vupen.com/english/advisories/2010/0622	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-0290`	vulnerable	2026-06-03 14:30:08.091640	Details available Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta, with DNSSEC validation enabled and checking disabled (CD), allows remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains (1) CNAME or (2) DNAME records, which do not have the intended validation before caching, aka Bug 20737. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-4022. Published: 2010-01-22T21:20:00.000Z Updated: 2024-08-07T00:45:11.627Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=557121 http://www.vupen.com/english/advisories/2010/0176 https://rhn.redhat.com/errata/RHSA-2010-0062.html http://marc.info/?l=oss-security&m=126393609503704&w=2 https://www.isc.org/advisories/CVE-2009-4022v6	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.