CVE-2019-25361

Ayukov NFTP client 1.71 contains a buffer overflow in the SYST command handling that enables remote code execution. A crafted SYST payload can trigger the overflow and execute a bind shell on port 5150. Public CVSS data indicate high to critical impact across confidentiality, integrity, and avail...

CVE-2019-25361 Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...

Security Bulletin: Multiple vulnerabilities impact AIX/VIOS due to ISC BIND (CVE-2025-40778, CVE-2025-40780, CVE-2025-8677)

Summary Vulnerabilities in ISC BIND could allow an attacker to inject forged data into the cache CVE-2025-40778, predict the source port and query ID that BIND will use CVE-2025-40780, or cause CPU exhaustion CVE-2025-8677. AIX uses ISC BIND as as part of its DNS functions. Vulnerability Details...

Multiple vulnerabilities impact AIX due to ISC BIND (CVE-2025-40778 CVE-2025-40780 CVE-2025-8677)

IBM SECURITY ADVISORY First Issued: Wed Feb 18 08:49:11 CST 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory29.asc Security Bulletin: Multiple vulnerabilities impact AIX due to ISC BIND CVE-2025-40778, CVE-2025-40780,...

PT-2026-20537

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the license name and license code fields. Attackers can craft a malicious payload of 6000 bytes to trigger a bind shell on port 4444 by exploiting a...

PT-2026-20536

Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.3.1.3)

The version of AHV installed on the remote host is prior to AHV-10.3.1.3. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.3.1.3 advisory. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function...

Node.js: Node.js Permission Model bypass: UDS server bind/listen works without `--allow-net`

Vulnerability description not provided...

Advisory ROSA-SA-2026-3141

Software: bind 9.11.36 OS: ROSA Virtualization 3.1 unaffected versions = bind-9.11.36-16.rv31.6 affected versions bind-9.11.36-16.rv31.6 CVE-ID: CVE-2025-40778 BDU-ID: 2025-13637 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to the loading of external unreliable data...

Advisory ROSA-SA-2026-3136

Software: bind 9.11.36 OS: ROSA Virtualization 3.0 unaffected versions = bind-9.11.36-16.rv30.6 affected versions bind-9.11.36-16.rv30.6 CVE-ID: CVE-2025-40778 BDU-ID: 2025-13637 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to the loading of external unreliable data...

Advisory ROSA-SA-2026-3131

Software: bind 9.11.36 OS: ROSA Virtualization 2.1 unaffected versions = bind-9.11.36-16.rv3.6 affected versions bind-9.11.36-16.rv3.6 CVE-ID: CVE-2025-40778 BDU-ID: 2025-13637 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the BIND DNS server is related to the loading of external unreliable data...

CVE-2026-23132

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: synopsys: dw-dp: fix error paths of dwdpbind Fix several issues in dwdpbind error handling: 1. Missing return after drmbridgeattach failure - the function continued execution instead of returning an error. 2. Resource...

CVE-2019-25318

AVS Audio Converter 9.1.2.600 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by manipulating the output folder text input. Attackers can craft a malicious payload that overwrites stack memory and triggers a bind shell on port 9999 when the 'Browse' button ...

PT-2026-8127

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: synopsys: dw-dp: fix error paths of dw dp bind Fix several issues in dw dp bind error handling: 1. Missing return after drm bridge attach failure - the function continued execution instead of returning an error. 2...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103100)

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103100 advisory. - A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-7.3.1.4)

The version of AOS installed on the remote host is prior to 7.3.1.4. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-7.3.1.4 advisory. - Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged...

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10.1.14)

The version of AOS installed on the remote host is prior to 6.10.1.14. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10.1.14 advisory. - Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.0.1)

The version of AHV installed on the remote host is prior to AHV-11.0.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.0.1 advisory. - Uncontrolled recursion in XPath evaluation in libxml2 up to and including version 2.9.14 allows a local attacker to...

CVE-2019-25327

Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110...

CVE-2019-25319

Domain Quester Pro 6.02 contains a stack overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH registers. Attackers can craft a malicious payload targeting the 'Domain Name Keywords' input field to trigger an access violation...