Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013570)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013570 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix DMA transfer direction When CONFIGDMAAPIDEBUG is selected, while running the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013760)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013760 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the...

PT-2026-35583

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Haruto Kimura discovered that strongSwan incorrectly handled the supported versions extension in TLS. A remote attacker could possibly use this issue to...

PT-2026-34584

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 uses weaker than expected cryptographic algorithms that could allow an...

PT-2026-35584

USN-8196-1 fixed vulnerabilities in strongSwan. This update provides the corresponding update to Ubuntu 26.04 LTS. Original advisory details: Haruto Kimura discovered that strongSwan incorrectly handled the supported versions extension in TLS. A remote attacker could possibly use this issue to...

EUVD-2025-209539

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

CVE-2025-1241

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

CVE-2025-1241

CVE-2025-1241 affects Fortra GoAnywhere MFT (prior to 7.10.0) and GoAnywhere Agents (prior to 2.2.0) where a static IV enables brute-force decryption of encrypted values. Impact is confidentiality (high), with network access required and admin privileges needed. Remediation: upgrade to GoAnywhere...

CVE-2025-1241 Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

CVE-2025-1241

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

PT-2026-33974

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data...

Ubuntu 25.10 : Rack::Session vulnerability (USN-8190-1)

The remote Ubuntu 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8190-1 advisory. SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011064)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011064 advisory. In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the...

CVE-2026-6550

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be...

USN-8190-1: Rack::Session vulnerability

SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session contents and possibly gain unauthorized access...

USN-8190-1 ruby-rack-session vulnerability

SeungMyung Lee discovered that Rack::Session did not properly reject cookies upon decryption failure. A remote attacker could use this issue to manipulate session contents and possibly gain unauthorized access...

AlmaLinux 8 : .NET 9.0 (ALSA-2026:8475)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:8475 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203 dotnet:...

AlmaLinux 8 : .NET 10.0 (ALSA-2026:8473)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:8473 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203 dotnet:...

RLSA-2026:8471 Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.106 and .NET Runtime...

RLSA-2026:8469 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.126 and .NET Runtime...