CVE-2025-69198 Pterodactyl's improper resource locking allows raced queries to create more resources than alloted

Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources e.g. databases, port allocations, or backups that can exist for an individual server. These resource limits are applied on a per-server basis, and...

ROS-20260119-7372

A vulnerability in the ethernet/hisilicon/hns3 components of the Linux operating system kernel involves improper resource locking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260119-7302

A vulnerability in the memcg component of the Linux operating system kernel is related to insufficient locking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Pterodactyl Panel security vulnerabilities

Pterodactyl Panel is an open-source game server management panel developed by Pterodactyl. Versions of Pterodactyl Panel prior to 1.12.0 contained security vulnerabilities. These vulnerabilities stemmed from resource limit verification occurring early in the request cycle and failing to lock down...

ROS-20260119-7383

A vulnerability in the net/batman-adv components of the Linux operating system kernel is related to thread locking errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260119-7381

A vulnerability in the drivers/tty/serial/xilinxuartps.c component of the Linux operating system kernel is related to insufficient locking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

ROS-20260119-7350

A vulnerability in the rosebind function of the net/rose/afrose.c component of the Linux operating system kernel is related to insufficient locking. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003649 advisory. In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with fhid. Tenable has extracted the precedin...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000574)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000574 advisory. The trytounmapcluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to caus...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001243)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001243 advisory. In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with fhid. Tenable has extracted the precedin...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004771)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004771 advisory. In rcucblistdequeue of rcusegcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel wit...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000867)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000867 advisory. The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows loca...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003927)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003927 advisory. In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free ...

MiracleLinux 3 : kernel-2.6.18-348.5.AXS3 (AXSA:2013-550:05)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-550:05 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating system:...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003612)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003612 advisory. In driveroverridestore and driveroverrideshow of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege wit...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003584)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003584 advisory. In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with fhid. Tenable has extracted the precedin...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004273)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004273 advisory. In blkmqqueuetagbusyiter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000874)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000874 advisory. In ashmemioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabli...

CVE-2026-21914

An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service Dos. If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol GTP Modify Bearer Request message, ...

CVE-2026-21914

An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service Dos. If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol GTP Modify Bearer Request message, ...