Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002372)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002372 advisory. The 1 piperead and 2 pipewrite implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed copytouserinatomic an...

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation.

...

SUSE CVE-2024-56372

In the Linux kernel, the following vulnerability has been resolved: net: tun: fix tunnapiallocfrags syzbot reported the following crash 1 Issue came with the blamed commit. Instead of going through all the iov components, we keep using the first one and end up with a malformed skb. 1 kernel BUG a...

PT-2024-21528

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A warning in copy from iter has been reported by Syzkaller due to an iov iter being used in the wrong direction. This occurs when a request with a transfer direction of SG DXFER TO FROM...

CVE-2021-31756

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get...

Bolt CMS Cross-Site Scripting Vulnerability

Bolt CM is an open source content management system developed by the Bolt community. A cross-site scripting vulnerability exists in Bolt CMS version 3.2.14. A remote attacker can use text input to inject arbitrary web script or HTML...