
1408 matches found

Tenable Nessus
added 2026/01/15 12:0 a.m. | views: 1

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002904)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002904 advisory. The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service duplicate freelist...

CVSS 7.8 | AI score 6.7 | EPSS 0.00423
Exploits: 0 | References: 9

Tenable Nessus
added 2026/01/15 12:0 a.m. | views: 2

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003164)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003164 advisory. Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 committed on April 14,...

CVSS 7.8 | AI score 7.3 | EPSS 0.10695
Exploits: 5 | References: 17

Tenable Nessus
added 2026/01/15 12:0 a.m. | views: 3

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002217)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002217 advisory. The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, whi...

CVSS 5 | AI score 6.7 | EPSS 0.03742
Exploits: 1 | References: 24

Tenable Nessus
added 2026/01/15 12:0 a.m. | views: 3

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002649 advisory. The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier fo...

CVSS 7.8 | AI score 7.4 | EPSS 0.0117
Exploits: 12 | References: 31

Tenable Nessus
added 2026/01/15 12:0 a.m. | views: 5

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002116)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002116 advisory. The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive...

CVSS 4 | AI score 6.3 | EPSS 0.00518
Exploits: 0 | References: 19

Tenable Nessus
added 2026/01/15 12:0 a.m. | views: 1

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003515)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003515 advisory. In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function showflopp...

CVSS 5.5 | AI score 6.8 | EPSS 0.01831
Exploits: 3 | References: 6

Tenable Nessus
added 2026/01/15 12:0 a.m. | views: 1

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003532)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003532 advisory. An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to...

CVSS 5.5 | AI score 6.5 | EPSS 0.007
Exploits: 1 | References: 16

Tenable Nessus
added 2026/01/15 12:0 a.m. | views: 1

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003529)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003529 advisory. In the Linux kernel through 4.15.4, the floppy driver reveals the addresses of kernel functions and global variables using printk calls within the function showflopp...

CVSS 5.5 | AI score 6.8 | EPSS 0.01831
Exploits: 3 | References: 6

Tenable Nessus
added 2026/01/15 12:0 a.m. | views: 1

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003306)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003306 advisory. The acpi_ns_evaluate function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which...

CVSS 5.5 | AI score 6.3 | EPSS 0.00436
Exploits: 0 | References: 10

Tenable Nessus
added 2026/01/13 12:0 a.m. | views: 4

MiracleLinux 9 : kernel-5.14.0-503.40.1.el9_5 (AXSA:2025-9934:30)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9934:30 advisory. kernel: kobject_uevent: Fix OOB access within zap_modalias_env (CVE-2024-42292) kernel: ipvs: properly dereference pe in ip_vs_add_service (CVE-2024-42322)...

CVSS 7.8 | AI score 7 | EPSS 0.0025
Exploits: 0 | References: 6

RedhatCVE
added 2026/01/09 11:49 a.m. | views: 5

CVE-2009-4326

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...

CVSS 4.3 | AI score 6.7 | EPSS 0.01798
Exploits: 0 | References: 1

GithubExploit
added 2025/12/31 8:42 a.m. | views: 181

ASLR-bypass-simulation

ASLR Bypass Simulator An interactive educational web applicat...

AI score 7.2
Exploits: 0

NVD
added 2025/12/30 1:15 a.m. | views: 3

CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

CVSS 7.7 | EPSS 0.00363
Exploits: 0 | References: 3

UbuntuCve
added 2025/12/30 1:15 a.m. | views: 2

CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random if it's not runni...

CVSS 7.7 | AI score 5.9 | EPSS 0.00363
Exploits: 0 | References: 4

CVE
added 2025/12/30 12:41 a.m. | views: 11

CVE-2025-69217

CVE-2025-69217 pertains to coturn (TURN/STUN server). Affected releases: 4.6.2r5–4.7.0-r4 have a weak RNG for nonces and port randomization due to a refactor, using libc random() instead of OpenSSL RAND_bytes (non-Windows). Attacking with ~50 consecutive unauthenticated nonce requests can reconst...

CVSS 7.7 | AI score 6.6 | EPSS 0.00363
Exploits: 0 | References: 3

Hacker One
added 2025/12/13 5:7 p.m. | views: 7

Nintendo: ASLR leak in Mario Kart World through LAN mode

A vulnerability was discovered in the LAN mode of Mario Kart World that allowed an ASLR leak. This vulnerability was found in the game's software...

AI score 5.4
Exploits: 0

Rosalinux
added 2025/12/02 1:20 p.m. | views: 6

Advisory ROSA-SA-2025-3103

Software: rsync 3.1.3 OS: ROSA Virtualization 2.1 packageevrstring: rsync-3.1.3-20.rv3 CVE-ID: CVE-2022-37434 BDU-ID: 2022-05325 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory...

CVSS 9.8 | AI score 7.9 | EPSS 0.1593
Exploits: 3

Packet Storm News
added 2025/11/30 12:0 a.m. | views: 3

Logic Encryption: This Time for Real

Modern circuits face various threats like reverse engineering, theft of intellectual property (IP), side-channel attacks, etc. Here, we present a novel approach for IP protection based on logic encryption (LE). Unlike established schemes for logic locking, our work obfuscates the circuit's structure...

AI score 6.9
Exploits: 0

Tenable Nessus
added 2025/11/18 12:0 a.m. | views: 5

Mozilla Firefox < 51.0

The version of Firefox installed on the remote Windows host is prior to 51.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-01 advisory. - A use-after-free vulnerability in the Media Decoder when working with media files when some events are fired after the...

CVSS 9.8 | AI score 7.6 | EPSS 0.33434
Exploits: 24 | References: 25

OSSF Malicious Packages
added 2025/11/13 3:23 a.m. | views: 3

Malicious code in neutronstar-regulus-sqlite-stratosphere (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cd76a2dd4b6f1c8374b68d6f578a4c53895f8cdc8fad0504324a71a8377a5e5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0