Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000403)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000403 advisory. The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-after- free because skcd-norefcnt was not considered during a...

Atlassian Jira Service Desk < 4.13.9 Template Injection Code Execution

According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 4.14.x prior to 4.18.0. It is, therefore, affected by a flaw which may allow remote attackers with Jira Administrator access to execute arbitrary Java code or...

Atlassian Jira Service Management 4.14.0 < 4.18.0 Template Injection Code Execution

According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 4.14.x prior to 4.18.0. It is, therefore, affected by a flaw which may allow remote attackers with Jira Administrator access to execute arbitrary Java code or...

Atlassian Jira Service Management 4.21.x < 4.22.2 Internal Network Leakage Service-Side Request Forgery

According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is version 4.14.x prior to 4.2.8 or 4.21.x prior to 4.22.2. It is, therefore, affected by a flaw which may allow authenticated remote attackers to access the content of internal...

Atlassian Jira Service Management 4.14.x < 4.20.8 Internal Network Leakage Service-Side Request Forgery

According to its self-reported version number, the Atlassian Jira Service Desk application running on the remote host is version 4.14.x prior to 4.2.8 or 4.21.x prior to 4.22.2. It is, therefore, affected by a flaw which may allow authenticated remote attackers to access the content of internal...

Samba DoS Vulnerability (CVE-2022-32745)

Samba is prone to a denial of service DoS vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

CVE-2020-29570

An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels c...

Samba 4.13.x < 4.13.14 / 4.14.x < 4.14.10 / 4.15.x < 4.15.2 Multiple Vulnerabilities

The version of Samba running on the remote host is 4.13.x prior to 4.13.14, 4.14.x prior to 4.14.10, or 4.15.x prior to 4.15.2. It is, therefore, potentially affected by multiple vulnerabilities as referenced in the vendor advisory. Note that Nessus has not tested for these issues but has instead...

CVE-2021-3308

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors...

CVE-2021-3308

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors...

CVE-2021-3308

An issue was discovered in Xen 4.12.3 through 4.12.4 and 4.13.1 through 4.14.x. An x86 HVM guest with PCI pass through devices can force the allocation of all IDT vectors on the system by rebooting itself with MSI or MSI-X capabilities enabled and entries setup. Such reboots will leak any vectors...

Xen Security Vulnerabilities

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in Xen 4.12....

DEBIAN-CVE-2020-29481

An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfortunately, existing granted access rights are not removed when a domain is being destroyed. This means that a new domain created with the same domid will inherit the access rights to Xenstore nodes...

CVE-2020-29483

An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory page using a specific protocol. When a guest violates this protocol, xenstored will drop the connection to that guest. Unfortunately, this is done by just removing the guest from xenstored's intern...

CVE-2020-29485

An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XSRESETWATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are...

Information disclosure

An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XSRESETWATCHES request, not all tracking information is freed. A guest can cause unbounded memory usage in oxenstored. This can lead to a system-wide DoS. Only systems using the Ocaml Xenstored implementation are...

CVE-2020-29484

An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that registered the watch will receive a Xenstore message containing the path of the modified Xenstore entry that triggered the watch, and the tag that was specified when registering the watch. Any...

CVE-2020-29484

The CVE-2020-29484 issue affects Xen up through 4.14.x. When a Xenstore watch fires, the payload of the watch event can exceed 4096 bytes due to a large registration tag, enabling a malicious guest to trigger events with oversized payloads and cause a NULL pointer dereference in xenstored. This l...

CVE-2020-29567

An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checke...

CVE-2020-29567

An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checke...