11 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: squid (UTSA-2026-016517)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016517 advisory. Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Affected versions of squid are subject to a Use-After-Free bug which can lead to a Deni...
PT-2025-32703 · Unknown · Clock Jitter Tool
Name of the Vulnerable Software and Affected Versions: Clock Jitter Tool versions prior to 6.0.1 Description: An uncontrolled search path issue exists in some Clock Jitter Tool software. This issue may allow an authenticated user to potentially escalate privileges via local access. Recommendation...
GHSA-9P8X-F768-WP2G xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
Impact An attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the id parameter in Oqtane.Controllers.UserController. Remediation Upgrade Oqtane.Server to version 6.0.1 or higher. References - GitHub Commit - GitHub PR - Medium Blog Credit: Rudra...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the manipulation of the notification ID in the request URL by a logged-in attacker. This issue is due to insufficient authorization checks, enabling attackers to view sensitive mail details belonging to othe...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the manipulation of the notification ID in the request URL by a logged-in attacker. This issue is due to insufficient authorization checks, enabling attackers to view sensitive mail details belonging to othe...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation via the entityid parameter in the /api/Setting endpoint, due to insufficient server-side validation of authentication and authorization. Remediation Upgrade Oqtane.Framework to version 6.0.1 or higher. References -...
Improper Link Resolution Before File Access ('Link Following')
Overview Affected versions of this package are vulnerable to Improper Link Resolution Before File Access ('Link Following') through the manipulation of the installation process on Windows OS. An unprivileged attacker can elevate privileges by exploiting this vulnerability. Remediation Upgrade...
PT-2023-7926 · Squid +7 · Squid +8
Name of the Vulnerable Software and Affected Versions: Squid versions 3.5 through 5.9 Description: Squid is a caching proxy for the Web that supports HTTP, HTTPS, FTP, and more. The affected versions of Squid are subject to a Use-After-Free bug, which can lead to a Denial of Service attack via...
PT-2023-19087 · Sanitize +3 · Sanitize +3
Name of the Vulnerable Software and Affected Versions: Sanitize versions 5.0.0 through 6.0.1 Description: Sanitize is an allowlist-based HTML and CSS sanitizer. When configured with a custom allowlist that allows noscript elements, attackers can include arbitrary HTML, resulting in cross-site...
[ASA-202210-2] linux: multiple issues
Arch Linux Security Advisory ASA-202210-2 ========================================= Severity: Critical Date : 2022-10-14 CVE-ID : CVE-2022-41674 CVE-2022-42719 CVE-2022-42720 CVE-2022-42721 CVE-2022-42722 Package : linux Type : multiple issues Remote : Yes Link :...