Unity Linux 20.1070e Security Update: cfitsio (UTSA-2026-016765)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016765 advisory. In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An...

Unity Linux 20.1070e Security Update: springframework (UTSA-2026-016731)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016731 advisory. In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from...

Unity Linux 20.1070e Security Update: datanucleus-core (UTSA-2026-016737)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016737 advisory. Apache Log4j2 2.0-beta9 through 2.15.0 excluding security releases 2.12.2, 2.12.3, and 2.3.1 JNDI features used in configuration, log messages, and parameters do not...

Unity Linux 20.1060e / 20.1070e Security Update: wildfly-common (UTSA-2026-016679)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016679 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016665 advisory. Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: xmlrpc (UTSA-2026-016592)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016592 advisory. An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC aka ws-xmlrpc library. A malicious...

Unity Linux 20.1070e Security Update: jgroups (UTSA-2026-016753)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016753 advisory. Apache Log4j2 versions 2.0-beta7 through 2.17.0 excluding security fix releases 2.3.2 and 2.12.4 are vulnerable to a remote code execution RCE attack when a...

Unity Linux 20.1070e Security Update: mysql-connector-java (UTSA-2026-016694)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016694 advisory. Vulnerability in the MySQL Connectors component of Oracle MySQL subcomponent: Connector/J. Supported versions that are affected are 8.0.15 and prior. Difficult to...

Unity Linux 20.1070e Security Update: nekohtml (UTSA-2026-016755)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016755 advisory. org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-pillow (UTSA-2026-016600)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016600 advisory. Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL. Tenable has extracted the preceding description block directly from the Unity Linux security...

Unity Linux 20.1060e / 20.1070e Security Update: grafana (UTSA-2026-016686)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016686 advisory. Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-websocket-extensions (UTSA-2026-016659)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016659 advisory. websocket-extensions ruby module prior to 0.1.5 allows Denial of Service DoS via Regex Backtracking. The extension parser may take quadratic time when parsing a head...

Unity Linux 20.1060e / 20.1070e Security Update: nodejs-hosted-git-info (UTSA-2026-016626)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016626 advisory. The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in...

Unity Linux 20.1070e Security Update: log4j (UTSA-2026-016725)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016725 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non- default configurations. This could allows attackers with...

Unity Linux 20.1060e / 20.1070e Security Update: openblas (UTSA-2026-016623)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016623 advisory. An out-of-bounds read flaw was found in the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack through version 3.10.0, as also used in OpenBLAS before version...

Unity Linux 20.1060e / 20.1070e Security Update: python-flask-restx (UTSA-2026-016606)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016606 advisory. Flask-RESTX pypi package flask-restx is a community driven fork of Flask-RESTPlus. Flask-RESTX before version 0.5.1 is vulnerable to ReDoS Regular Expression Denial ...

Unity Linux 20.1070e Security Update: hibernate (UTSA-2026-016690)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016690 advisory. A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit...

Unity Linux 20.1060e / 20.1070e Security Update: mybatis (UTSA-2026-016669)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016669 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...

Unity Linux 20.1060e / 20.1070e Security Update: nodejs-underscore (UTSA-2026-016621)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016621 advisory. The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function,...

Unity Linux 20.1070e Security Update: infinispan (UTSA-2026-016712)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016712 advisory. The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this...