Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013642)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013642 advisory. In the Linux kernel, the following vulnerability has been resolved: fpga: prevent integer overflow in dflfeatureioctlsetirq The hdr.count sizeofs32 multiplication ca...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013509)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013509 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes with dev-modeconfig.mutex The modes array contains pointers to...

OpenC3 COSMOS is Vulnerable to Self-XSS Through the Command Sender

Summary The Command Sender UI uses an unsafe eval function on array-like command parameters, which allows a user-supplied payload to execute in the browser when sending a command. This creates a self-XSS risk because an attacker can trigger their own script execution in the victim’s session, if...

PT-2026-34383

In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2 len with offsetof in smb2 calc max out buf len After this commit e2b76ab8b5c9 "ksmbd: add support for read compound", response buffer management was changed to use dynamic iov array. In the new desig...

PT-2026-36880

Name of the Vulnerable Software and Affected Versions OpenC3 COSMOS versions prior to 7.0.0 Description The Command Sender UI uses an unsafe eval function on array-like command parameters. This allows a user-supplied payload to execute in the browser when sending a command, creating a self-XSS...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from multiple sysfs command paths accessing contextsarr0 without verifying the contexts-nr, potentially...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013725)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013725 advisory. In the Linux kernel, the following vulnerability has been resolved: power: supply: adp5061: fix out-of-bounds read in adp5061getchgtype ADP5061CHGSTATUS1CHGSTATUS is...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013563)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013563 advisory. In the Linux kernel, the following vulnerability has been resolved: md/raid1: stop mdxraid1 thread when raid1 array run failed fail run raid1 array when we assemble...

Unity Linux 20.1050e / 20.1060e Security Update: kernel (UTSA-2026-013408)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013408 advisory. In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btreeiter btreeiter is used in two ways: either...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-012952)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012952 advisory. In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev-serial If kobjectadd is fail in bindrdevtoarray, 'rdev-serial' will be...

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006920)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006920 advisory. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: use arrayindexnospec with indices that come from guest min and destid are...

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011228)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011228 advisory. In the Linux kernel, the following vulnerability has been resolved: phy: hisilicon: Fix an out of bounds check in hisiinnophyprobe The size of array 'priv-ports' is...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013222)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013222 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha-hoststr' of size 16 ma...

fontforge: FontForge: Remote Code Execution via malicious SFD file parsing

A flaw was found in FontForge. This vulnerability allows a remote attacker to execute arbitrary code by tricking a user into opening a specially crafted SFD Spline Font Database file. The issue stems from improper validation of array indexes during SFD file parsing, which can lead to writing data...

ROS-20260420-73-0041

Vulnerability in beats related to unchecked array indexing. Exploitation of the vulnerability may allow an attacker to affect confidentiality, integrity and availability of protected information...

BIT-GOLANG-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile

The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007559)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007559 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following...

CLSA-2026-1776354546 jq: Fix of CVE-2024-23337

CVE-2024-23337: fix signed integer overflow in jvparraywrite and jvpobjectrehash that could lead to SEGV on growing arrays and objects...

GHSA-VMJJ-QR7V-PXM6 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing

Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...

Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing

Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...