Security Bulletin: Vulnerabilities in BIND affect Power Hardware Management Console (CVE-2018-5745, CVE-2019-6465 and CVE-2019-6477)

CVEID:   CVE-2018-5745
DESCRIPTION:   ISC BIND is vulnerable to a denial of service, caused by an error in the managed-keys feature. By replacing a trust anchor's keys with keys which use an unsupported algorithm, a remote authenticated attacker could exploit this vulnerability to cause an assertion failure.
CVSS Base score: 4.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157386 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2019-6465
DESCRIPTION:   ISC BIND could allow a remote attacker to obtain sensitive information, caused by the failure to properly apply controls for zone transfers to Dynamically Loadable Zones (DLZs) if the zones are writable. An attacker could exploit this vulnerability to request and receive a zone transfer of a DLZ even when not permitted to do so by the allow-transfer ACL.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/157377 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2019-6477
DESCRIPTION:   ISC BIND is vulnerable to a denial of service. By sending TCP-pipelined queries, a remote attacker could exploit this vulnerability to bypass tcp-clients limit and cause the server to consume all available resources and become unresponsive.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/172012 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)