Vulnerability fixed in Fortinet FortiSIEM
Fortinet has fixed a vulnerability in FortiSIEM versions 6.7.0 to 7.4.0. The vulnerability is in the way FortiSIEM handles TCP requests. Unauthenticated attackers can exploit this vulnerability to execute unauthorized code or commands through specially crafted TCP requests. This can lead to...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003712)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003712 advisory. Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000714)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000714 advisory. The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000580)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000580 advisory. The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000856)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000856 advisory. The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001454)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001454 advisory. A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001178)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001178 advisory. The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote...
Dive code injection vulnerability
Dive is a desktop application for MCP hosts, open-sourced by OpenAgentPlatform. Versions of Dive prior to 0.13.0 contained a code injection vulnerability. This vulnerability stemmed from specially crafted deep links that allowed the installation of MCP server configurations controlled by attacker...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000930)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000930 advisory. The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during th...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001037)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001037 advisory. net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hija...
CVE-2026-21918
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of...
EUVD-2026-2697
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of...
CVE-2026-21905 Junos OS: SRX Series, MX Series with MX-SPC3 or MS-MPC: Receipt of multiple specific SIP messages results in flow management process crash
A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow...
EUVD-2026-2687
A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002072)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002072 advisory. The SCTP implementation in the Linux kernel before 3.17.4 allows remote attackers to cause a denial of service (memory consumption) by triggering a large number of...
PT-2026-3119
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC versions prior to 21.2R3-S10; Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC versions 21.4 through 21.4R3-S12; Juniper Networks Junos OS o...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002770)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002770 advisory. The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002018)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002018 advisory. The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003359)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003359 advisory. A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1...