Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001677)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001677 advisory. drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev-buf release. Tenable has extracted the preceding description block directly from...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001084)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001084 advisory. Use-after-free vulnerability in the kvmioctlcreatedevice function in virt/kvm/kvmmain.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of...

K000159078: Podman vulnerability CVE-2024-3056

Security Advisory Description A flaw was found in Podman. This issue may allow an attacker to create a specially crafted container that, when configured to share the same IPC with at least one other container, can create a large number of IPC resources in /dev/shm. The malicious container will...

CVE-2025-68813

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...

CVE-2025-68813 ipvs: fix ipv4 null-ptr-deref in route error path

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL pointer dereference in fibcomputespecdst when ipv4linkfailure attempts t...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not setting skb-dev in a routing error path, which could lead to a null pointer dereference...

Linux Distros Unpatched Vulnerability : CVE-2025-68813

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in ipvsgetoutrt calls dstlinkfailure without ensuring skb-dev is set, leading to a NULL...

runc: container escape via 'masked path' abuse due to mount race conditions

A flaw was found in runc. This flaw exploits an issue with how masked paths are implementedin runc. When masking files, runc will bind-mount the container's /dev/null inode on top of the file. However, if an attacker can replace /dev/null with a symlink to some other procfs file, runc will instea...

ROS-20260112-7319

A vulnerability in the ax25addrax25dev function of module net/ax25/ax25dev.c of the Linux operating system kernel is related to resource leakage. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Malicious code in libc-dev (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cb6d8dc8c1dde2d0e31a36f23ab7fbd5931d00834eef4d6ee225cada5edbb44c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MAL-2026-191 Malicious code in libc-dev (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cb6d8dc8c1dde2d0e31a36f23ab7fbd5931d00834eef4d6ee225cada5edbb44c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

EUVD-2026-1910

Malicious code in libc-dev PyPI...

CVE-2023-25341

A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests...

CVE-2023-31284

illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net...

CVE-2022-33036

A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file...

CVE-2022-33037

A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file...

CVE-2022-31585

The umeshpatil-dev/Homeinternet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

CVE-2020-24804

Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs...

CVE-2024-34455

Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2...

CVE-2023-4754

Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV...