14421 matches found
CVE-2026-40711
Dell Dell Container Storage Modules, versions csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with remote access...
CVE-2026-40711
Dell Container Storage Modules (csi-powerstore v2.16.0, csi-unity v2.16.0, csi-powerflex v2.16.0, csi-powermax v2.16.0) are affected by an OS Command Injection vulnerability (Improper Neutralization of Special Elements used in an OS Command). A high-privilege attacker with remote access could exp...
CVE-2026-20078
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...
CVE-2026-20081
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...
CVE-2026-20059
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate...
CVE-2026-20060
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerabili...
CVE-2026-20034
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability ...
CVE-2026-20035
A vulnerability in the web UI of Cisco Unity Connection Web Inbox could allow an unauthenticated, remote attacker to conduct SSRF attacks through an affected device. This vulnerability is due to improper input validation for specific HTTP requests. An attacker could exploit this vulnerability by...
Unity Linux 20.1060e / 20.1070e Security Update: openjpeg (UTSA-2026-016638)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016638 advisory. Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service application crash or...
Unity Linux 20.1060e / 20.1070e Security Update: mod_auth_openidc (UTSA-2026-016590)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016590 advisory. modauthopenidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users again...
Unity Linux 20.1060e / 20.1070e Security Update: wildfly-elytron (UTSA-2026-016677)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016677 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...
Unity Linux 20.1060e / 20.1070e Security Update: google-gson (UTSA-2026-016683)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016683 advisory. The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace method in internal classes, which may lea...
Unity Linux 20.1070e Security Update: mojarra (UTSA-2026-016756)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016756 advisory. Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. Tenable has extracted the...
Unity Linux 20.1070e Security Update: wildfly-security-manager (UTSA-2026-016746)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016746 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...
Unity Linux 20.1070e Security Update: wildfly-build-tools (UTSA-2026-016705)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016705 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...
Unity Linux 20.1060e / 20.1070e Security Update: gd (UTSA-2026-016663)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016663 advisory. readheadertga in gdtga.c in the GD Graphics Library aka LibGD through 2.3.2 allows remote attackers to cause a denial of service out-of-bounds read via a crafted TGA...
Unity Linux 20.1060e / 20.1070e Security Update: gupnp (UTSA-2026-016639)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016639 advisory. An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to trick ...
Unity Linux 20.1070e Security Update: strongswan (UTSA-2026-016762)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016762 advisory. In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and in the case of EAP methods...
Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016678)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016678 advisory. Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content thru the Grafana datasource or plugin...
Unity Linux 20.1070e Security Update: datanucleus-core (UTSA-2026-016709)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016709 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...