
103 matches found

Cvelist
added 2026/02/19 5:18 p.m., 22 views

CVE-2026-2817 Spring Data Geode Insecure Temporary Directory Usage

Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of...

CVSS 4.8, EPSS 0.0002
Exploits: 0, References: 1

Positive Technologies
added 2026/02/19 12:00 a.m., 5 views

PT-2026-20882

Name of the Vulnerable Software and Affected Versions: Spring Data Geode (affected versions not specified). Description: The software has a flaw related to insecure directory usage during snapshot imports. Specifically, archives are extracted into predictable and overly permissive directories within t...

CVSS 4.8, AI score 5.2, EPSS 0.0002
Exploits: 0, References: 5

IBM AIX
added 2026/02/18 8:49 a.m., 9 views

Multiple vulnerabilities impact AIX due to ISC BIND (CVE-2025-40778 CVE-2025-40780 CVE-2025-8677)

IBM SECURITY ADVISORY First Issued: Wed Feb 18 08:49:11 CST 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory29.asc Security Bulletin: Multiple vulnerabilities impact AIX due to ISC BIND CVE-2025-40778, CVE-2025-40780,...

CVSS 8.6, AI score 5.7, EPSS 0.00071
Exploits: 1

Tenable Nessus
added 2026/02/12 12:00 a.m., 3 views

ISC BIND 9.11.0 < 9.18.41 / 9.11.3-S1 < 9.18.41-S1 / 9.18.0 < 9.18.41 / 9.18.11-S1 < 9.18.41-S1 / 9.20.0 < 9.20.15 / 9.20.9-S1 < 9.20.15-S1 / 9.21.0 < 9.21.14 Vulnerability (cve-2025-40778)

The version of ISC BIND installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cve-2025-40778 advisory. - Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forge...

CVSS 8.6, AI score 7.9, EPSS 0.00005
Exploits: 1, References: 2

Tenable Nessus
added 2026/01/31 12:00 a.m., 2 views

EulerOS Virtualization 2.10.0 : bind (EulerOS-SA-2026-1155)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into...

CVSS 8.6, AI score 5.9, EPSS 0.03129
Exploits: 1, References: 3

Tenable Nessus
added 2026/01/16 12:00 a.m., 1 view

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003987)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003987 advisory. IBM Power9 AIX 7.1, 7.2, and VIOS 3.1 processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating...

CVSS 5.1, AI score 6.4, EPSS 0.00198
Exploits: 0, References: 10

Tenable Nessus
added 2026/01/15 12:00 a.m., 3 views

EulerOS 2.0 SP10 : bind (EulerOS-SA-2026-1019)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. Thi...

CVSS 8.6, AI score 6.6, EPSS 0.00005
Exploits: 1, References: 2

Tenable Nessus
added 2026/01/15 12:00 a.m., 1 view

EulerOS 2.0 SP10 : bind (EulerOS-SA-2026-1040)

According to the versions of the bind packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. Thi...

CVSS 8.6, AI score 6.6, EPSS 0.00005
Exploits: 1, References: 2

Tenable Nessus
added 2025/12/13 12:00 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: bind (UTSA-2025-991236)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991236 advisory. Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects...

CVSS 8.6, AI score 6.5, EPSS 0.00005
Exploits: 1, References: 4

OSV
added 2025/12/12 12:21 p.m., 7 views

OESA-2025-2842 dhcp security update

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network so they can communicate with other IP networks. Security Fixes: Unde...

CVSS 8.6, AI score 6.8, EPSS 0.00005
Exploits: 1, References: 2

Amazon
added 2025/12/08 12:00 a.m., 2 views

Medium: bind

Issue Overview: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12,...

CVSS 8.6, AI score 6, EPSS 0.00005
Exploits: 1

Tenable Nessus
added 2025/12/08 12:00 a.m., 7 views

Amazon Linux 2 : bind, --advisory ALAS2-2025-3093 (ALAS-2025-3093)

The version of bind installed on the remote host is prior to 9.11.4-26.P2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3093 advisory. Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data...

CVSS 8.6, AI score 6.6, EPSS 0.00005
Exploits: 1, References: 4

Tenable Nessus
added 2025/11/22 12:00 a.m., 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: bind (UTSA-2025-990939)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990939 advisory. Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects...

CVSS 8.6, AI score 6.5, EPSS 0.00005
Exploits: 1, References: 4

Tenable Nessus
added 2025/11/18 12:00 a.m., 2 views

Mozilla Firefox < 62.0.2

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 62.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2018-22 advisory. - A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local...

CVSS 7, AI score 7.7, EPSS 0.0006
Exploits: 0, References: 2

OSV
added 2025/11/14 12:38 p.m., 3 views

OESA-2025-2653 bind security update

Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System. This package includes the components to operate a DNS server. Security Fixes: Under...

CVSS 8.6, AI score 6.6, EPSS 0.00025
Exploits: 1, References: 3

EUVD
added 2025/11/13 3:23 a.m., 2 views

EUVD-2025-177408

Malicious code in orchestrate-process-cache-data-async npm...

AI score 6.6
Exploits: 0

SUSE CVE
added 2025/10/23 11:24 p.m., 2 views

SUSE CVE-2025-40778

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

CVSS 8.6, AI score 7, EPSS 0.00005
Exploits: 1, References: 19

OSV
added 2025/10/22 4:15 p.m., 3 views

AZL-68727 CVE-2025-40778 affecting package bind for versions less than 9.16.50-3

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

CVSS 8.6, AI score 6.5, EPSS 0.00005
Exploits: 1, References: 1

OSV
added 2025/10/22 4:15 p.m., 1 view

ALPINE-CVE-2025-40778

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

CVSS 8.6, AI score 6.9, EPSS 0.00005
Exploits: 1, References: 1

CVE
added 2025/10/22 3:47 p.m., 444 views

CVE-2025-40778

CVE-2025-40778 affects ISC BIND caching behavior: under certain conditions the resolver accepts forged answer data, enabling cache poisoning. Affected versions include 9.11.0–9.16.50, 9.18.0–9.18.39, 9.20.0–9.20.13, 9.21.0–9.21.12, and corresponding S1/build variants. Public advisories (e.g., ALA...

CVSS 8.6, AI score 6.5, EPSS 0.00005
Exploits: 1, References: 3